Radia - General Discussions

 
 
Brian Jakubowsky
Java and Patch Manager

I am doing a little discovery of leveraging the option to use Patch Manager to patch Java (JRE specifically). I think I have every thing setup correctly. (I am currently running 9.1). However, I don't seem to be to acquire any Update after JRE 1.8 Update 31 (JRE-1-8-UPD-31). JRE is currently at update 66. Update 31 was posted on 1-29-2015. I do see some articles on the Oracle site about some change made to their patching methodology around this time.

http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html

points to

http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Has anyone else experienced this? Is there a hotfix? I currently don't use this feature, so I can't say for something is broken. However, if anyone is using this feature successfully still (after 1-2015) let me know.

Thanks!

 

 

12 0
Brian Jakubowsky
BitLocker PIN disable on Radia Reboot

There was some discussion at the Radia Summit about getting Radia to not prompt for a BitLocker PIN upon reboot. I thought I would share what we do.. We basically configure a "Post Connection Script" (EXBEXIT) in COP. As part of that we run this code. It is partial and written in Winbatch but I think you will get the point. Basically, it is determining if Radia will reboot. If so, it uses the Microsoft utilities to read if PIN and TPM are enabled. If so, it runs the code to disable the PIN entry for one reboot. The only drawback that we live with is if the user cancels reboot, the PIN will not be promoted for on the next reboot (which could be a while). However, our security team was fine with the risk as the device is still encrypted, there is just no PIN for one boot.

FileWrite(hLogFile,StrCat(DateTime(),@tab,"Reboot (RADSETUP.BOOTTYPE) is ",BootType))
if BootType <> "N"
 FileWrite(hLogFile,StrCat(DateTime(),@tab,"A reboot is required. Running command to determine if PIN should be disabled on next reboot"))

 ManageBDE =  StrCat(WinDir,"\system32\manage-bde.exe") ; Default Location for 32-bit via Radia
 if FileExist(StrCat(WinDir,"\sysnative\manage-bde.exe"))
  ManageBDE =  StrCat(WinDir,"\sysnative\manage-bde.exe") ; if 64-bit, this is the location
 endif

 if FileExist(ManageBDE)
  output = GetStdOut(StrCat(ManageBDE," -protectors -get c:"))
  if StrIndexNc(output,"TPM AND PIN",1,@FWDSCAN)
   FileWrite(hLogFile,StrCat(DateTime(),@tab,"TPM AND PIN Found"))
   RunShell(ManageBDE, "-protectors -disable c:", "", @HIDDEN, @WAIT)
   FileWrite(hLogFile,StrCat(DateTime(),@tab,"Disabled PIN entry for next boot"))
  else
   FileWrite(hLogFile,StrCat(DateTime(),@tab,"TPM AND PIN NOT Found, not running command to disable PIN"))
  endif
 else
  FileWrite(hLogFile,StrCat(DateTime(),@tab,"Can not find manage-bde (key bitlocker file)"))   
 endif
endif

 

4 2
Brian Jakubowsky
Wake from Sleep and Keep Awake During Radia connect

I want to let our users have the option to connect their laptops from home over their internet connection at night. I already use a scheduled task to wake the computers from sleep to start a connect, however, what I did not realize until recently is that the computer goes back to sleep as soon as my script ends (and I stop my script after I fire the connect). I thought Windows would just stay awake until the "sleep after x minutes" is reached. However, that is not how it work out of a scheduled task. Does anyone have a solution for this already? I am also concerned about keep the machine awake through multiple reboots, etc during the connect.

6 0
Brian Jakubowsky
Using Apache for Download Manager

Due to the improved RCS performance (reduced load) of the “Patch Metadata Download” option on Patch Manager we implemented that model when we upgraded to Core-Sat (I think 5 years ago now). That option requires you to run the “Download Manager” which uses Apache resources instead of the CSDB resources. I must admit. I am not a big fan of this solution. I just wanted to share my experience, maybe I am overlooking something obvious. However, I had many support cases open for this in this past and I was only able to determine why we had such bad performance “out of the box” after learning a lot of Apache and the different options.

The “Download Manager” option requires a Patch Gateway, that will go out to the vendor and get the binaries. You need to pay special attention to these settings.

We have ~700 Streamline Sats that preload from our Full Service Satelitte servers. (typical). We preload the Apache patches just like we used to do when the binaries where in the CSDB.

First, the setting for “Time for which the binary is valid” in the Configuration, Distribution Settings. It by default is set to 7 days. My assumption was that after 7 days it would go upstream do a quick check and realized it already had the same file and re-stamp the date time. I was wrong, it actually downloads a fresh copy regardless if it already has a perfectly good file! This is how Apache works. That makes perfect sense of web servers with thousand of tiny files that can be easily refreshed. It does not make sense for 100 MB or greater patch binaries.

So imagine what happens when you are preloading 700 devices with say 10 GB of patches. Then every week it deletes the files and does it again!! Over and over. Complete breakdown of the process.

OK, I am not proud of this but to get around this we up the “Time for which the binary is valid” to 20 years (not a typo) on the patch gateway. We simply can’t have the file expire on all these remote locations.

Second, when you preload patches, you go against the upstream host only. There is no option to use COP. That make the flexibility of the product at a lot less and can’t use COP based bandwidth trotting.

There is no appevent reporting of patch preloads. There is not even a local “radstate” type file, you have to look in the log to if you had failures.

On the preload process there is a one hour download timeout per file!! So, if you were on a slow link with a big file, even if it was working just fine, the preload process will actually just give up and move on. It is not documented but you can configure that.

in patchgw.cfg add an “http_timeout” element with the timeout in seconds.

For now, I am sticking with this option as I believe it is the only option to reduce a big (in my opinion un-needed) load on the RCS for patch management. It has been working OK

However, I hope that in the future we can have a lightweight model that does not require the download manager / Apache.

1 0
Tony Rodal
Satellite Management Operations and Configuration tabs

Hi, I have an interesting issue. For any of our streamline satellites we are setting up we can access the satellite consoles from any computer in the company. When we try to access the operations and configurations tabs through the Radia Client Automation Enterprise 9.1 console we get the page can't be displayed. It's not a critical item because we can access it outside of the main console but it is quite irritating. Any ideas on what to try? Thanks for any help in advance.

2 0
Tobias Bergmann
RADIA 9.2 WINPE creation

Has anyone experience with the 9.2 Winoe-Build process. The process via the graphical tool Ends "succesful", but the start of this wim stops with a dosbox instead of starting the roma process.
We noticed, that the -hta files seem to be empty...

Many thanks for any hint

Tobias

3 0
Ekuberems
RCA Backup file and folder level

Hi,

How to take file and folder level backup of RCA? Is there any script for this task in RCA.

Regards,
Sumant Kulkarni

1 0
Ekuberems
alerts for desktop format or agent removal

Hi,

If any RCA agent gets removed or a desktop is formatted then the RCA agent gets removed and we cannot get any inventory or infor about the PC. Is there any mechanism in RCA that we can get alert for the removal of agent or desktop formatting.

Regards,
Sumant Kulkarni

7 0
Ekuberems
Can we schedule RCA reports to sent over mail

`HI,

Is there any feature to send RCA report over email message or schedule the report to be sent over email automatically.
Using this kind of feature we can save our efforts.

Regards,
Sumant Kulkarni

9 0
Ekuberems
Retrieving RCA agent status

Hi all,

I was wondering how can we check the RCA agent status on each client machine from core server.

Regards,
Sumant Kulkarni

5 0
Ekuberems
Broadcasting message through RCA

Hi,

I wanted to know whether we can broadcast a notification to all the client machines via RCA core server. If yes how this can be achieved ?

Regards,
Sumant Kulkarni

5 0
Ekuberems
How to use Radia self service manager

I have many software which are published in radia core server. But these are not displayed in Radia self service manager catalog. how to publish them in catalog?
can anyone help?

6 0
Ekuberems
can I shutdown a desktop using RCA Agent

I wanted to know whether i can remotely shutdown the desktops from core server by broadcasting any remote command to RCA agent machines.
Also wanted to know can i broadcast a message from core server to agent machines during any emergency situation?

8 0
Ekuberems
How to install RCA agent on client machine using setup.

I was trying to install RCA agent using the setup under D:\Program Files (x86)\PSL\RCA\Media\client\default\win32\setup.exe

But the wizard completes and only Agent folder gets created under C:\Program Files\PSL\RCA

While ideally when i push the agent remotely through server i get two folder Agent and Management Agent.
Why this happens. can any one help?

3 0
Basheer Ulhaq
uploading Radia object from .csv file

Hi,
I would like to create instances in user class using nvdkit. I know how to upload but would also like to attach workgroups to the created instance.
Any help is appreciated.

Thanks,
Basheer

3 0
Vijayan M
MS15-093 out of band patch

RADIA customers are able to acquire MS15-093 out of band patch successfully through Radia Patch Manager.

1 1
Vijayan M
MS15-091 for Windows 10, will be skipped from patch Acquisition

Microsoft released MS15-091 security bulletin only for Windows 10 Edge, During the patch acquisition for the Month Of August'15, this bulletin will be skipped from the acquisition.
Radia development team is working on Windows 10 patch and we will be releasing the hot-fix soon to support the same through Radia patch manager.

0 0
Sujith Kovval
Monthly security bulletins for AUG

Its looks like the bulletins are not yet published in Radia. Its taking time or any other issues in my environment. I didnt see the announcements also for patch release. All are waiting for the bulletins to get published or I am the only one still waiting..??

1 0
Sujith Kovval
Unable to download Out of band patches by using Radia patch manager.

Microsoft has released an Out of band patch on 20-July-2015(MS15-078), but we are unable to download the same by using our Radia Patch manager.I think the mentioned bulletin is still not available in accelerite.Kindly let us how we can download the same by using our HPCA environment.

2 0
James Longo
Custom Radia Database Reporting

I started helping Radia customers realize the true potential of Radia Inventory Manager by developing custom reports based on end users requests back in 2002. As the product expanded over the years to include Patch and Usage data, the custom database front-end also expanded and now includes over 2000 SQL queries and hundreds of custom reports for Patch, Usage and Inventory data to maximize the ROI for customers using Radia. The database front-end was originally part of the Radia Inventory Manager Site section but that was discontinued so I built a new tclhttpd server to host the custom reports called Webulae in 2006 after leaving HP to join Evergreen Systems.

The Webulae server runs on the same basic framework as a standard Radia Integration Server so it is easily integrated into existing Radia environments. Once up and running new reports can be quickly added by sending a request describing the desired report or discussing the desired functionality directly with me.

Webulae is free for Evergreen support contract customers and a paid service for non-contract customers. Send inquires to James.Longo@evergreensys.com

0 0
James Longo
Windows XP/2003 Extended security patching using Radia

For those who will be extending Windows Server 2003 security patch support with Microsoft I will share my experience from patching Windows XP via Radia Patch Manager.

Each month you will need to manually download security patches from Microsoft along with a manifest showing file change information. In order to continue patching Windows Server 2003 using Patch Manager custom bulletins need to be created for each patch using the information contained in the manifest. The bulletins will need a unique naming convention so they do not interfere with the bulletins on the MUC data feed. Validation testing will need to be performed to make sure the manifest matches actual file change details. I have seen a few examples where the manifest did not match the actual file change details after installation and Microsoft needed to make corrections to the manifest. I have also seen examples of bad patches that needed to be corrected by Microsoft. In cases where the bulletin is not based on the OS but a specific product, a probe will need to be configured so the bulletin is only applicable under certain circumstances. This prevents the bulletins from showing up in reporting for different Operating Systems.

Over the past year I have developed a process that allows me to quickly and accurately develop custom bulletins, validate the security patches, and deliver the finished product within a few hours of new patch releases. Radia Admins only need to import a Radia package in order to manage the patches via Radia Patch Manager each month.

This service is free for Evergreen support contract customers and a paid service for non-contract customers. Send inquires to James.Longo@evergreensys.com.

0 0
Matt Davis
Radia 9.1 OOBM - Intel SCS version?

Getting ready to setup OOBM, which we've owned for some time and never implemented. Reading through the guide and it directs you to use the Intel SCS install from the Radia media folder. Well my problem with this is that the version provided is from 2010, and doesn't support SQL 2014, or Windows Server 2012 R2.

Is this really the most recent version of Intel SCS that can be used with Radia?

2 0
Jose Manuel Garcia
Error listing objects in HPCA Console

Hello experts, i'm using HPCA 8.1 version, with external LDAP, all things correctly configured.

Im getting this error in tomcat when i try to navegate in some OU's of the external LDAP and objects aren't listed on the right window, only at tree (on left)

23 dic 2014 09:14:00,297 [TP-Processor7] ERROR MembersSource : Exception received during refresh
java.sql.SQLException: Wrong data type: - in statement [CREATE TABLE rmp_members(ID VARCHAR(255), DCI VARCHAR(255), LASTUPDATED TIMESTAMP, CREATETIMESTAMP TIMESTAMP, MODIFYTIMESTAMP TIMESTAMP, OBJECTCLASS VARCHAR(255), DISPLAYNAME VARCHAR(255), FRIENDLYNAME VARCHAR(255), DESCRIPTION VARCHAR(255), CN VARCHAR(255), PARENTDN VARCHAR(255), HPCMDEVICECLASS VARCHAR(255), DISTINGUISHEDNAME VARCHAR(255), DSCOREPROPAGATIONDATA VARCHAR(255), DSCOREPROPAGATIONDATA1 VARCHAR(255), DSCOREPROPAGATIONDATA2 VARCHAR(255), DSCOREPROPAGATIONDATA3 VARCHAR(255), DSCOREPROPAGATIONDATA4 VARCHAR(255), GPLINK VARCHAR(255), INSTANCETYPE VARCHAR(255), NAME VARCHAR(255), OBJECTCATEGORY VARCHAR(255), OBJECTCLASS1 VARCHAR(255), OBJECTCLASS2 VARCHAR(255), OBJECTCLASS3 VARCHAR(255), OBJECTCLASS4 VARCHAR(255), OBJECTGUID VARCHAR(255), OU VARCHAR(255), USNCHANGED VARCHAR(255), USNCREATED VARCHAR(255), WHENCHANGED VARCHAR(255), WHENCREATED VARCHAR(255), DN VARCHAR(255), GROUPTYPE VARCHAR(255), OBJECTSID VARCHAR(255), SAMACCOUNTNAME VARCHAR(255), SAMACCOUNTTYPE VARCHAR(255), ACCOUNTEXPIRES VARCHAR(255), BADPASSWORDTIME VARCHAR(255), BADPWDCOUNT VARCHAR(255), CODEPAGE VARCHAR(255), COUNTRYCODE VARCHAR(255), DNSHOSTNAME VARCHAR(255), ISCRITICALSYSTEMOBJECT VARCHAR(255), LASTLOGOFF VARCHAR(255), LASTLOGON VARCHAR(255), LASTLOGONTIMESTAMP VARCHAR(255), LOCALPOLICYFLAGS VARCHAR(255), LOGONCOUNT VARCHAR(255), MSDS-]
at org.hsqldb.jdbc.Util.throwError(Unknown Source)
at org.hsqldb.jdbc.jdbcPreparedStatement.execute(Unknown Source)
at com.hp.ovcm.ec.cache.DataBaseManager.executeStmt(DataBaseManager.java:300)
at com.hp.ovcm.ec.cache.DbTable.create(DbTable.java:80)
at com.hp.ovcm.ec.cache.ManageEntitySource.createTables(ManageEntitySource.java:260)
at com.hp.ovcm.ec.cache.MembersSource.doRefresh(MembersSource.java:208)
at com.hp.ovcm.ec.cache.MembersSource.refresh(MembersSource.java:145)
at com.hp.ovcm.ec.cache.DataSourceManager.refresh(DataSourceManager.java:112)
at com.hp.ovcm.ec.cache.DataBaseManager.refreshTables(DataBaseManager.java:357)
at com.hp.ovcm.ec.cache.CacheManager$QueryData.execute(CacheManager.java:685)
at com.hp.ovcm.ec.cache.CacheManager.query(CacheManager.java:475)
at com.hp.ovcm.ec.cache.CacheManager.query(CacheManager.java:423)
at com.hp.ovcm.ec.console.ws.impl.EMWebService.query(EMWebService.java:684)
at com.hp.ovcm.ec.console.ws.impl.DirectoryObjects.members(DirectoryObjects.java:415)
at com.hp.ovcm.ec.console.ws.service.DirectoryObjectMessageReceiverInOut.invokeBusinessLogic(DirectoryObjectMessageReceiverInOut.java:138)
at org.apache.axis2.receivers.AbstractInOutSyncMessageReceiver.receive(AbstractInOutSyncMessageReceiver.java:39)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:144)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:117)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:776)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:705)
at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:898)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
at java.lang.Thread.run(Unknown Source)

0 0
Kevin Farmer
Restore data from a version 7.9 backup to a version 9.1 clean installation

I am trying to find the best method to upgrade Radia core server. I believe that performing a clean installation of Radia 9.1 and then restoring the data would be best similar to that of changing an OS on a computer.

I have performed the data back up from my production core server and I am looking to restore it to a different core server in a sandbox environment. When I try to run the rcarestore script as documented within the Installation and Upgrade guide found in the 9.1 media documentation folder, I get the following line:

"Error: Previous backup did not finish successfully, unable to restore/migrate"

I have checked the output log under C:\HPCABackup\HPCABackup\HPCA-backup.txt which says it completed successfully. I assume that I need to modify the contents of HPCA-backup.properties but would like to know if anyone else has taken this approach and can provide more information.

Kevin

0 0
Kevin Farmer
Restore data from a version 7.9 backup to a version 9.1 clean installation

I am trying to find the best method to upgrade Radia core server. I believe that performing a clean installation of Radia 9.1 and then restoring the data would be best similar to that of changing an OS on a computer.

I have performed the data back up from my production core server and I am looking to restore it to a different core server in a sandbox environment. When I try to run the rcarestore script as documented within the Installation and Upgrade guide found in the 9.1 media documentation folder, I get the following line:

"Error: Previous backup did not finish successfully, unable to restore/migrate"

I have checked the output log under C:\HPCABackup\HPCABackup\HPCA-backup.txt which says it completed successfully. I assume that I need to modify the contents of HPCA-backup.properties but would like to know if anyone else has taken this approach and can provide more information.

Kevin

0 0
Anthony Davies
Publish a UEFI Windows 8.1 64bit image > 4GB

I am trying to publish a Windows 8.1 64bit image captured from a UEFI boot machine, but the uploaded WIM file is 6.2GB and the RADIA publisher will not publish it (It only publishes 4GB of the file).
I have tried manually splitting the image using DISM but, although this publishes OK, the subsequent download fails as the UEFIInstall.cmd that runs imagex on the target device is incorrect; it acts as though there is only one WIM file rather than two.
So, I either need a publisher that publishes > 4GB or a version of OSCapture , winpe_x64.wim and wpe-x64-810_0000n.tgz that supports split images.

We are running HPCA 8.10 with CP3 and the UEFI support code from HPCA 9.1.

Any ideas?

Tony Davies (HP)

1 0
Vinod Kumar
Linux Proxy Preloads

Hi,

Can anyone suggest what would be the best practice for preloading the Linux Proxy servers? Using External Policy

regards,
Vinod

0 0
Michael Conwell
CAE Satellite Updates using the Console

After manually upgrading a 100 server infrastructure with the 8.10.0003 patch, why isn't there functionality in the RCA console to import a Satellite patch to the Core and execute the stage it to the satellites and remotely install it on the satellites?

You would have to have it done in stages: 1. Import the patch 2. Stage the patch to the satellite 3. Execute the patch. In my mind, the staging should be done in advance of installation and it should be done so in a fashion that it doesn't flood the WAN while it copies to the Satellite. Execution needs to be done separately due to the possible scheduling restrictions imposed by a Change Management system.

Also, patches shouldn't require manual installation for desired components. If I need the 8.10.0003 patch PLUS the OS Management components, I should be able to select this from the console and then have the system update itself when I tell it too.

Supression of Reboots would be a necessary component.

Centralized reporting of success, failure, pending-reboots, etc. would be needed.

It is long past time to giving us this feature for maintaining our RCA infrastructure.

1 1
Vinod Kumar
ZOBJCID

During the migration from 7.8 to 9.1, if the ZOBJCID changes while importing the instances will it trigger an update on the client for the particular instances?

Regards,
Vinod

1 0
Jesse Swensen
SAPSTATS and HSAPSTATS tables in the RDBMS

I would like to better understand the use of these two tables. I understand HSAPSTATS is the history table for SAPSTATS. But how is the SAPSTATS table populated and with what information?

3 1

Top Contributors