HP OpenVMS Systems

HP Advanced Server V7.3B for OpenVMS
Release Notes

Server configuration information in the OpenVMS Registry can be inadvertently changed or deleted. It is also possible for registry information to be unavailable to the Advanced Server. If the required parameters listed above are not available or do not match the information in the SAM database, you must restore the parameters to the OpenVMS Registry. To accomplish this:

1. Make sure registry services are available to the Advanced Server. The configuration procedure (PWRK$CONFIG.COM) and the startup procedure (PWRK$STARTUP.COM) attempt to start the OpenVMS Registry Server.
   The OpenVMS Registry control program (REG$CP.EXE) allows you to access information in the OpenVMS Registry. Use the LIST command to display information in the registry database. If registry information is displayed, the registry services are available. For information about setting up and enabling registry services, refer to the OpenVMS System Manager's Manual or the COM, Registry, and Events for OpenVMS Developer's Guide (included in the OpenVMS Documentation CD-ROM).
   Note that HP recommends that you use PWRK$REGUTL to manage server configuration parameters, because it has built-in knowledge of keys and values used by the Advanced Server, including the attributes of the data, such as minimum, maximum, and default values.
2. Restore the server configuration information in the OpenVMS Registry, using the server configuration parameter management utility PWRK$REGUTL.EXE. PWRK$REGUTL allows you to display and modify server configuration parameters in the OpenVMS Registry. It controls parameter modification, ensuring that parameter names are entered properly and that specified values are within valid ranges. For information about using the PWRK$REGUTL utility, refer to the HP Advanced Server for OpenVMS Server Administrator's Guide.

For example, to restore the DomainName parameter in the OpenVMS Registry, use the PWRK$REGUTL utility as shown the following example. Be sure to enter the domain name exactly as it was initially specified the last time the configuration procedure (PWRK$CONFIG.COM) was run.

$ REGUTL :== $SYS$SYSTEM:PWRK$REGUTL.EXE
$ REGUTL
REGUTL> SET VALUE * DomainName domain-name /CREATE/FORCE

Set the values of the required parameters (DomainName, ComputerName_nodename, and AliasName (for OpenVMS Clusters), entering the names exactly as they were specified when the Advanced Server was last configured. The values at startup of all Advanced Server parameters in the OpenVMS Registry are listed in the following file, where nodename is the name of your server node:

PWRK$PARAMS:PWRK$REGISTRY_PARAMS_nodename.LIS

Once you have set the values of the required parameters, run the PWRK$CONFIG.COM configuration procedure to restore the remaining server configuration parameters. If the configuration procedure fails to complete successfully after this procedure, call your HP support specialist for assistance.

3.6 Enabling a Windows XP Client to Join and Log On to a Domain

If a Windows XP client is unable to join the server's domain, or a Windows XP user cannot log on to the domain, do the following on the Windows XP client. (If the Windows XP client is unable to rejoin a domain, see Section 13.6.1.4, Windows 2000 and Windows XP Clients Unable to Rejoin Domain.

1. Disable the client's certificate autoenrollment policy
2. Set the client's REQUIRESIGNORSEAL registry value to 0
3. Reboot the client

Before invoking the Configuration Manager with the ADMINISTER/CONFIGURATION command, make sure the OpenVMS Registry Server is running. If the Registry is not running, you will not be allowed to start the Configuration Manager. A message will notify you of this.

HP recommends that you have the Registry Server started automatically with system startup. If you need to start the Registry Server manually, enter the following command at the DCL prompt, as shown:

$ @SYS$STARTUP:REG$STARTUP

When you start up the Advanced Server using the PWRK$STARTUP.COM procedure, or the associated PWSTART command defined in the command definition file SYS$STARTUP:PWRK$DEFINE_COMMANDS.COM, the server is not automatically shut down. PWRK$STARTUP.COM issues the following message and exits with a status of 1 if the file server is already running:

PWRK-I-RUNNING, Advanced Server is already running on this node

If you would like the PWRK$STARTUP procedure (or PWSTART command) to stop the server automatically, use the PWRESTART command (contained in the PWRK$DEFINE_COMMANDS.COM file). PWRESTART invokes PWRK$STARTUP with RESTART as the P1 parameter, which shuts down the server before restarting.

To shut down and restart a file server, use one of the following:

• PWSTOP command, followed by PWSTART
• PWRESTART command
• PWSTART RESTART command

If the server is already running, a message will indicate so. If it is not running, it will start.

3.9 Shutting Down the OpenVMS System with the Advanced Server

Before shutting down the OpenVMS system, HP recommends that you first stop the Advanced Server.

3.10 External Authentication

External authentication can provide automatic password synchronization between an OpenVMS account and a corresponding Advanced Server domain account. Users who have both OpenVMS and Advanced Server domain user accounts can avoid maintaining two different passwords. If the domain account password is changed, the OpenVMS LOGINOUT program sets the OpenVMS account password to the domain account password the next time the user logs in to the OpenVMS account. If the user changes the OpenVMS password with the DCL SET PASSWORD command, the SET PASSWORD command sends the password change to the Advanced Server external authenticator. For synchronization to succeed, an Advanced Server domain controller must be available and the domain account password must meet OpenVMS syntax requirements.

3.10.1 Enabling External Authentication

When you start the Advanced Server, server external authentication is automatically enabled for user accounts tagged for external authentication in the SYSUAF (to enable external authentication, PWRK$ACME_STARTUP.COM defines bit 0 of the SYS$SINGLE_SIGNON logical in SYSTARTUP_VMS.COM to the value 1. You can disable external authentication by changing the default value of this bit. For information on disabling external authentication and on defining the other bits in the SYS$SINGLE_SIGNON logical, see Section 3.10.2, Disabling External Authentication.)

These are the steps to take to make sure external authentication works properly:

• Set the appropriate OpenVMS user accounts to allow external authentication (in SYSUAF).
• If the complete Advanced Server software is installed, start the server and external authentication will be enabled for all user accounts allowing external authentication.
  If the standalone Advanced Server external authentication software is installed, perform the following:
  1. Add the following lines to your SYSTARTUP_VMS.COM file:

     $ DEFINE/SYSTEM/EXE SYS$SINGLE_SIGNON 1 $ @SYS$STARTUP:PWRK$ACME_STARTUP.COM

     
     In a cluster, add these preceding two lines plus the following in a node-specific system startup file (not clusterwide); or if using a shared system startup file such as SYS$COMMON:[SYSMGR]SYLOGICALS.COM, ensure that you conditionalize the DEFINE command based on the node name (that is, using the lexical function F$GETSYI).

     $ DEFINE/SYSTEM/EXE PWRK$ACME_SERVER scsnode1_name[,scsnode2_name,...]

     
     Each scsnodex_name is an equivalence name, which is the SCSNODE name of a cluster member running an Advanced Server that can be used to process external authentication requests. You can include all, or a subset of, the names of the Advanced Server member nodes. This allows you to specify the order in which the requesting host contacts the hosts running the complete Advanced Server software for an authentication request. If the first node in the list does not respond, the requesting host asks the next host, and so forth.
• Establish host mapping between Advanced Server domain user accounts and the corresponding OpenVMS user accounts, if necessary. For more information, refer to the HP Advanced Server for OpenVMS Server Administrator's Guide.
• If your Advanced Server is participating in an OpenVMS Cluster, set up external authentication on all cluster members. For more information, refer to the HP Advanced Server for OpenVMS Server Installation and Configuration Guide.
• If you want to change the default domain used for external authentication, set the system logical PWRK$ACME_DEFAULT_DOMAIN accordingly. (The local server's domain is the default domain for users when external authentication is established: if a user does not specify a domain name at login, the system uses the default domain for authentication.) For more information, refer to the HP Advanced Server for OpenVMS Server Administrator's Guide.
• If establishing external authentication for users in trusted domains, add the name of the trusted domain(s) to the OpenVMS Registry value HOSTMAPDOMAINS. For more information, refer to the HP Advanced Server for OpenVMS Server Administrator's Guide.

For more information about enabling external authentication on OpenVMS systems, refer to the OpenVMS Guide to System Security.

For information about enabling Authentication and Credential Management (SYS$ACM) for authenticating users and determining the user security profile for OpenVMS and Windows NT, refer to the COM, Registry, and Events for OpenVMS Developer's Guide (included in the OpenVMS Documentation CD-ROM).

3.10.2 Disabling External Authentication

If you want to disable external authentication, then before starting the Advanced Server, define the SYS$SINGLE_SIGNON logical in SYSTARTUP_VMS.COM to a value of 0, as in the following example:

$ DEFINE/SYSTEM/EXECUTIVE SYS$SINGLE_SIGNON 0

For more information, refer to the OpenVMS Guide to System Security.

3.11 Disabling Opportunistic Locking

Opportunistic locking is enabled by default. Under a few circumstances, customers might want to disable opportunistic locking, such as when they require immediate access to files at the OpenVMS system level. Typically, these customers would also disable open file caching. To disable this feature so that files are not locked, add the following two lines to the PWRK$COMMON:PWRK.INI file:

 [PLM]
     ENABLE_OPLOCKING = 0

Advanced Server for OpenVMS provides transparent support for the following TCP/IP network transport products:

• HP TCP/IP Services for OpenVMS, V5.1 or later (required for dynamic cluster load balancing in WANs)
• MultiNet for OpenVMS, from Process Software LLC
• TCPWARE for OpenVMS, from Process Software LLC

To use Advanced Server for OpenVMS with TCP/IP, see the basic instructions in the HP Advanced Server for OpenVMS Server Installation and Configuration Guide. See also the note about selecting a network adapter for the Advanced Server when the TCP/IP host is using multiple network adapters, in Section 2.5, New Features Provided by Advanced Server V7.3A for OpenVMS.

3.13 EIA0: (DE600, DE602) Is Known Device for all Transports

Beginning with Version 7.3A of the Advanced Server for OpenVMS, the network interface device EIA0: (for Ethernet DE600 and DE602, for example) is included in the server's list of known devices for all transport layers (TCP/IP, DECnet and NetBEUI).

3.14 NBSHOW: Purging, Reloading, and Displaying the NetBIOS Name Cache (KNB)

With the current version of the Advanced Server for OpenVMS, you can use the NBSHOW command to purge the NetBIOS name cache and reload it with LMHOSTS entries (entries that have the #PRE tag). The entries are purged and reloaded immediately without having to restart the Advanced Server for OpenVMS; prior to Version 7.3-ECO1 of the Advanced Server for OpenVMS, if you added #PRE entries to your LMHOSTS file while the server was already running, you had to restart the Advanced Server for OpenVMS to have the entries loaded into the cache.

You can also use the NBSHOW command to display the NetBIOS name cache contents. These capabilities are similar to those provided by the NBTSTAT utility on Windows NT and other Microsoft clients. The NetBIOS name cache is used by TCP/IP (associated with the PWRK$KNBDAEMON process).

NBSHOW is a special Advanced Server management command that is defined in the command file SYS$MANAGER:PWRK$DEFINE_COMMANDS.COM.

3.14.1 Displaying Contents of the NetBIOS Name Cache

To display the current contents of the NetBIOS (KNB) name cache, enter the NBSHOW KNBCACHE command at the DCL prompt, as in the following example:

$ NBSHOW KNBCACHE

     KNB NetBIOS Name Cache table [3 entries]

    Name         Type   Host Address      Life [secs]
------------------------------------------------------------
NINEMM      x20  UNIQUE 10.100.1.254         300
LANGROUP    x1b  UNIQUE 192.2.3.4             -1
SERVER1     x20  UNIQUE 192.2.3.4             -1

The command displays both the dynamic and static (preload) cache entries. Names with a lifetime indicated as "-1" are from the preload/static name cache, while names with a lifetime of 300 (seconds) are from the dynamic name cache. (The Advanced Server name cache timeout is five minutes.) If the server is not configured to use LMHOSTS, no preloaded names will be listed. If the server is not configured to use TCP/IP, the NBSHOW KNBCACHE command will display a message indicating so.

3.14.2 Purging the NetBIOS Name Cache and Reloading It

To dynamically purge the NetBIOS name cache and reload it from the LMHOSTS file, use the NBSHOW KNBCACHE command as in the following example:

$ NBSHOW KNBCACHE RELOAD
Preloaded NetBIOS name SERVER1         at 192.2.3.4
Preloaded NetBIOS name LANGROUP        at 192.2.3.4

Upon purging the cache, the command lists the preloaded entries drawn from the LMHOSTS file (entries with the #PRE tag). HP recommends that you use the NBSHOW KNBCACHE command to verify that the LMHOSTS names marked with the #PRE tag were indeed loaded into the cache.

3.15 Certain Clients Can Log On Using Only One Transport

On clients that use the LANMAN.INI file, the file might contain the WRKNETS keyword in the WORKSTATION section. This keyword specifies the network transports that the client can use and the order in which they are used. On Enhanced Redirector clients, these network transports are represented by local area network adapter (LANA) numbers.

The NET LOGON command works over LANA0 only, regardless of how many transports are loaded on the client. This might affect the client's ability to log on to a domain. For example, if a client runs both NetBEUI and DECnet, and WRKNETS associates NetBEUI with LANA0, NET LOGON fails if NetBEUI is not running on the server. If the domain logon fails, the client can still connect to servers but must provide a password for each session established.

To avoid this problem, do one of the following:

• Enable all of the transports that are common to both the server and client.
• Change the WRKNETS parameter to load a common server-client transport on LANA0 (for more information, refer to the client product documentation).

As noted in the HP Advanced Server for OpenVMS Server Installation and Configuration Guide, the Advanced Server provides optional client-based server administration tools that allow you to manage the server from Windows 98, Windows 95, Windows for Workgroups, or Windows NT clients. These tools are available in the PWUTIL share after installing, configuring and starting the server.

The SRVTOOLS directory in the PWUTIL share contains a subdirectory for each type of client computer. Refer to the README.TXT file in the appropriate subdirectory for instructions on installing the software on the client computer.

Refer to the Windows NT Server documentation or use online Help for more information about how to use Windows NT server administration tools.

The following section describes how to set up dynamic cluster load balancing when HP's TCP/IP Services for OpenVMS, V5.0A or later, is in use. For setting up this feature when the Multinet for OpenVMS or TCPWare for OpenVMS products are in use, refer to the appropriate product documentation.

To set up dynamic cluster load balancing in WANs, observe the following:

• Neither LMHOSTS nor WINS can provide dynamic load balancing with cluster-alias name resolution. For this feature, you must enable DNS for NetBIOS name resolution. The Advanced Server clients will then be able to use DNS for resolving the cluster alias. To correctly resolve the Advanced Server cluster alias and gain the benefits of cluster load balancing, all clients and servers should enable NetBIOS name resolution using DNS.
• You must remove any static entries for the cluster alias in the LMHOSTS file and the local hosts file on clients and servers, and you might need to remove any static entries for the cluster alias from the WINS database on WINS servers that are used by clients. (If Windows 95, Windows 98, or Windows NT clients are configured to use both WINS and DNS for NetBIOS name resolution, they first query the WINS server to resolve the name.)
  If you do not remove these static entries, the DNS load balancing feature will not work. WINS should still be the primary resource for resolving names.
• You must configure the TCP/IP Services for OpenVMS load broker. When configuring the load broker, the following load broker parameters are important regarding load balancing:
  • max-members
    The max-members parameter specifies the maximum number of IP addresses to be returned to the DNS name server in each dynamic update. Be sure to set this parameter to a value that is anywhere from one-third to one-half of the number of cluster members running the Advanced Server. The load broker will then send the DNS server a list of that number of servers on the cluster that have the least loads of all the server cluster members. The DNS server uses the list to answer clients' queries in round-robin fashion. Do NOT set the parameter to the actual number of cluster members running the Advanced Server; otherwise, the load broker will send the DNS server a list of all the server cluster members --- even the most heavily loaded members --- and load balancing will not be accomplished.
  • polling-interval
    The polling-interval parameter specifies the time interval between polls to the cluster members. The default is 30 seconds.
  • dns-refresh
    The dns-refresh parameter specifies how often the DNS information for a given DNS cluster name is refreshed. The default is 30 seconds. If you want to quickly pick up changes in the system load (reported by metric servers), set dns-refresh to a smaller number. This parameter should be set in conjunction with the polling-interval parameter --- when you change one, you should most likely change the other. Though both parameters default to the same value, the value of the dns-refresh parameter should be greater than or equal to that of the polling-interval parameter. It is unproductive to refresh more often than you poll. Again, for more details, refer to the TCP/IP Services for OpenVMS Management guide.
  
  For information on configuring the load broker, refer to the TCP/IP Services for OpenVMS Management guide.

The HP Advanced Server for OpenVMS Server Administrator's Guide lists the basic steps to follow for enabling dynamic cluster load balancing in WANs. Note that the HP Advanced Server for OpenVMS Server Administrator's Guide erroneously states that the cluster alias name should be registered at the authoritative DNS (BIND) name server for the cluster. You should make sure it is not registered at the DNS server. The cluster name is associated with the IP addresses of all cluster members that are running the Advanced Server. If the addresses of the cluster members are added to the DNS database, round-robin load balancing will be in effect instead of dynamic load balancing.

The HP Advanced Server for OpenVMS Server Administrator's Guide also recommends that you remove all entries for the cluster alias from the LMHOSTS file of all clients and servers. It fails to mention that you should also remove all entries for the cluster alias from the local hosts file.

3.18 The Advanced Server in an OpenVMS Cluster

The documentation now includes enhanced and expanded information on installing and managing the Advanced Server in an OpenVMS Cluster, and on licensing considerations in cluster environments. The following list summarizes some of the most important considerations for servers in an OpenVMS Cluster. Refer to the appropriate documentation for more information.