(Document updated 1st June 2011)

 

Troubleshooting

 

 

This list comprises some commonly reported problems and their solutions.

Some solutions require access to the Customer Center - http://www.enforcive.com/customer-center

Some solutions refer to the technical support page - http://www.enforcive.com/technical-support

 

The Reported Problems:

 

 

 

1. Client Installation on PC workstation failed with code 132.

2. Error message “Unknown extension in database name” appears in FTP session.

3. Error message “Error occurred during host communication” encountered when logging on to the Enterprise Security client.

4. Error message “500 Document follows” encountered when logging on to the Enterprise Security client.

5. Error message “User is not authorized to access Bsafe” encountered when logging on to the Enterprise Security client.

6. A specific communication action was rejected although it should have succeeded.

7. No alerts are received from the IDS.

8. The Alert Server fails to send a mail alert.

9. The list of users is empty.

10. The Enterprise Security Manager doesn't respond.

11. Enterprise Security is activated but entries are not being recorded in the log.

12. After restricting port 21 (FTP) to specific users no-one can use FTP (not even the specified users).

13. There are groups missing from the “Priority level between overlapping groups” screen.

14. I get an error message “BSG0110. Not valid time”.

15. The print preview is blank when it should contain data.

16. Permissions are defined at the chosen level but the icon displayed beside the user ID in the user ID account listing on the Enterprise Security Manager is not what has been defined. The permissions being used are not the ones wanted.

17. After deactivating Enterprise Security, a job named BSFICOL in subsystem QSYSWRK remains active. It is re-run each time as an auto-start job.

18. After deleting the product libraries, we have problems with users not being able to connect.

19. The IBM-supplied user profile QYPSJSVR is not shown in Enterprise Security either in the list of user-ID accounts or in the user profile manager.

20. We received an error message MCH3203 when installing the product.

21. I don’t see where the allow change password takes effect.

22. We are experiencing degradation in performance since starting to use the product.

23. When using the Domino HTTP server or the Apache HTTP Server instead of the OS/400 HTTP server we cannot run the Enterprise Security PC client (GUI).

24. When running Telnet logon, one or more occurrences of RMTCMD appear in the Application Audit – why?

25. After restoring the Enterprise Security libraries we are encountering problems.

26. There are a number of unrecognized actions in the Application Audit, among them Allocate Conversation, List File Attributes and Open Stream file.

27. After upgrading to a newer release of the product, we had access problems with the database server and file server.

28. The "Sign-on attempts not valid" field on the Password Status inquiry does not correctly reflect the number of invalid password attempts made.

29. The list of users on the GUI main screen is empty even though previously it appeared OK. It happened after we received error MCH3601 in the BSAFEINST / BSFAPCH job.

30. We cannot start our AS/400 Java shell. We get message JVAB53A – Unable to Start JAVA shell, Reason code 1: Failed to create a Shared memory segment.

31. When attempting to work with the System Auditing journal, the message ID CPF7003 with error code 1 appears on the screen.

32. After defining permissions, the event is not handled as expected. It is either rejected when it should be allowed, or vice versa.

33. Cannot see signon/signoff events in the Application Audit even though OS/400 Signon is activated.

34. The message “OS version not supported yet” is given in System Audit.

35. The message “Triggers prevent requested operation” is displayed when activating field masking for file.

36. Object not found in library RMTOBJ while attempting to IPL from a SAVSYS backup.

37. Problems when attempting to print the user guide.

38. SQL Statement Audit – Information Missing.

39. Objects in RMTOBJ not found when running system commands following restore from SAVSYS.

40. SAT – Security Assessment Tool. Reported results of network access do not refresh after making changes to network permissions.

41. SAT – Security Assessment Tool. The "Connection Cannot be Made" message is displayed when running the "Test network access including OS/400 report" option.

42. Clear log file function completed but the log file size not reduced.

43. Backup job failure – messages CPD387E, CPFA09E or CPF3761 received for object *DTAARA BSRUNJOBID in RMTFIL.

44. Failure when attempting to start the Enterprise Security Apache HTTP server instance. System message returned: TCP7406 - Problem detected with instance file QATMHINSTC in library QUSRSYS (only for OS/400 V5R3 or later).

45. After running the Uninstall option from the main menu, some Enterprise Security exit programs remain active.

46. In the report generator, there doesn't seem to be an option for program information.

47. The date is incorrect in the report generator when exporting to Excel.

48. Replication of user profile failed.

49. Object locks encountered when running the activation command BSFACTV.

50. Following the deactivation of the exit programs and the completion of the SAVSYS backup, we cannot reactivate only the exit programs which were active before the deactivation.

51. In the System Audit, when using the User parameter to filter the results of an invalid password event (*AUTFAIL/PW), no results are shown.

52. Cannot login to the Enterprise Manager. Message given that the user does not have sufficient authority ("Secadm authority required"), but user has all necessary authorities.

53. I’ve selected a “Company Logo” and I want to remove it. How do I remove my selected “Company Logo” image?

54. Following replication of user profile in the user profile manager, a message is given that the replication failed even though the operation was successful.

55. Object lock problems encountered when accessing via the database (ODBC) server.

56. FTP Login failing when long passwords used.

57. Report Generator – system audit report type columns object and library empty.

58. Report Generator – date formatting incorrect.

59. Report Generator, application audit report type – report not produced in report viewer when both spool and report viewer options are marked.

60. File server activity running slow.

61. Database server permissions not working correctly when used with object groups.

62. Alert center failure when QTEMP in library list.

63. The installation of the Enterprise Security Manager terminates with error message "Can't run 16-bit Windows Program. Cannot find file..."

64. Installation Program Exits Unexpectedly.

65. Cannot logon to the GUI – message received: “HTTP/1.1 500 Internal Server Error”

66. “File…is currently in use” message displayed when exporting report to pdf or csv.

67. When exporting to PDF or CSV files, the file produced is not what was expected.

68. Slow sign on to the Enterprise Security Manager.

69. Failures after transferring Enterprise Security objects to another computer, due to lack of authority.

 

 

The Solutions:

 

1.            Client Installation on PC workstation failed with code 132.

 

Cause

Complications due to foreign language support on your PC workstation.

Solution

Try again and specify a different install folder (not the default).

 

2.            Error message “Unknown extension in database name” appears in FTP session.

 

Cause

The FTP server NAMEFMT parameter has a value other than *LIB.

Solution

Execute the following commands on the iSeries.

1. ENDTCPSVR *FTP

2. CHGFTPA NAMEFMT(*LIB)

3. STRTCPSVR *FTP

 

3.            Error message “Error occurred during host communication” encountered when logging on to the Enterprise Security client.

 

Cause 1

Incorrect IP address or host name in the Host field. Use the command PING to check if a TCP/IP connection exists between the PC and the iSeries (AS/400). For example: ping 128.0.0.2

Solution 1

Change Host field and try again.

 

Cause 2

No TCP/IP connection exists between the PC and the iSeries (AS/400). Use the command PING to check if a TCP/IP connection exists between the PC and the AS/400. For example: ping 128.0.0.2

Solution 2

Contact the Network Administrator. The problem may be with network definitions, a physical connection failure, or an inactivated TCP/IP server in the iSeries (AS/400).

 

Cause 3

Inactive HTTP server job, BSAFEINST (up to OS/400 V5R2) or BSFAPCH (from V5R3). Check if the job is active by using the command: WRKSBSJOB QHTTPSVR

Solution 3

Execute the following command on the iSeries.

STRTCPSVR SERVER(*HTTP) HTTPSVR(BSAFEINST)   (up to OS/400 V5R2)

STRTCPSVR SERVER(*HTTP) HTTPSVR(BSFAPCH)      (from V5R3)

 

Cause 4

The Port field contains a value which is not a valid local port number (default values are 1983 up to OS/400 V5R2, or 1967 from V5R3). To verify this, execute the NETSTAT command on the iSeries. Select option 3 (work with TCP/IP connection status) then locate the entered port number in the Local Port column.

Solution 4

Change the Port field to an existing port (first try the default values of 1983 up to OS/400 V5R2, or 1967 from V5R3) and try again.

 

Cause 5

The entered port is defined but not in Listen status. To verify this, execute the NETSTAT command on the iSeries. Select option 3 (work with TCP/IP connection status) then locate the entered port number in column Local Port. This port must be in status Listen. If it is not, check the message log (DSPMSG QSYSOPR) to see if problems were encountered when operating the HTTP Server.

Solution 5

Contact the System Administrator.

 

Cause 6

User Profile QTMHHTP1 or QTMHHTTP is disabled. Use DSPUSRPRF to verify the status of the two User Profiles.

Solution 6

Use CHGUSRPRF to change the status of the User Profiles to enabled.
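
The checks for issue 3 can be narrowed from the PC side before anyone signs on to the iSeries. The following is an added example, not part of the product or the original document: the function names, the result labels and the mapping from socket errors to cause numbers are this example's own reading of the causes listed above.

```python
import socket

# Default logon ports stated above: 1983 up to OS/400 V5R2, 1967 from V5R3.
DEFAULT_PORTS = {"up_to_V5R2": 1983, "from_V5R3": 1967}

# What each result suggests, in terms of the causes listed for issue 3.
HINTS = {
    "UNRESOLVED": "Cause 1: the Host field does not resolve to an address",
    "NO_RESPONSE": "Cause 1 or 2: wrong address, or no TCP/IP path to the host",
    "NOT_LISTENING": "Cause 3, 4 or 5: server job inactive, wrong port, "
                     "or port not in Listen status",
    "LISTENING": "Port answers: check Cause 6 (QTMHHTP1/QTMHHTTP status)",
}


def triage(host, port, timeout=3.0):
    """Classify why a logon connection to host:port fails, seen from the PC."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "UNRESOLVED"
    family, socktype, proto, _, addr = infos[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
        except socket.timeout:
            return "NO_RESPONSE"        # packets are dropped or never arrive
        except ConnectionRefusedError:
            return "NOT_LISTENING"      # host reachable, nothing bound to the port
        except OSError:
            return "NO_RESPONSE"        # e.g. network or host unreachable
    return "LISTENING"


def local_demo():
    """Run triage() against a constructed listener on the loopback interface."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # constructed test port, not a real host
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = triage("127.0.0.1", port)
    srv.close()
    after_close = triage("127.0.0.1", port)
    return while_open, after_close


if __name__ == "__main__":
    for state in local_demo():
        print(state, "->", HINTS[state])
```
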

 

4.            Error message “500 Document follows” encountered when logging on to the Enterprise Security client.

 

Cause 1

Some objects or authorization settings are absent.

Solution 1

1.      Use the WRKSBSJOB QHTTPSVR command to see if the job BSAFEINST is running.

2.      Use the NETSTAT command option 3 to see if the port 1983 is listening.

3.      Profiles QTMHHTP1 and QTMHHTTP should be enabled.

4.      OBJ(RMTSMP/BSFGUICL) OBJTYPE(*PGM): user QTMHHTP1 should be AUT(*USE)

5.      OBJ(RMTSMP/DB2WWW) OBJTYPE(*PGM): user QTMHHTP1 should be AUT(*USE)

6.      OBJ(RMTSMP/SAGUIC) OBJTYPE(*PGM): user QTMHHTP1 should be AUT(*USE)

7.      OBJ(RMTSMP/MACROS) OBJTYPE(*FILE): user QTMHHTP1 should be AUT(*USE)

8.      OBJ(RMTSMP/SIGNCHECK) OBJTYPE(*PGM): user QTMHHTP1 should be AUT(*USE)

 

 

5.            Error message “User is not authorized to access Bsafe” encountered when logging on to the Enterprise Security client.

 

Cause

User has no Role defined in the Administration Roles Manager.

Solution

Define the user in the Administration Roles screen or use the BSAFE user profile.

 

6.            A specific communication action was rejected although it should have succeeded.

 

Cause 1

Another permission definition took precedence over the one you expected to be used. Use the Audit Log (discussed in detail in the relevant section) to identify the event and determine which authorization caused the rejection. The class field in every log event specifies the priority level of the rejected action. The order of increasing priority is: system defaults, address range, User Group, generic user, user profile, user. The address range can also be defined as the highest priority.

Solution 1

Change the authorizations as required.

 

Cause 2

You expected the permissions for a user to be taken from a group profile. However, permissions have been defined for the group profile at the user account type and not at the group profile account type. Use the audit log to investigate the event as described in cause 1, above.

Solution 2

Add the permissions definition for the group profile under the group profile account type.

 

Cause 3

The same user is included in more than one User Group. Use the audit log to investigate the event as described in cause 1, above.

Solution 3

Make any required changes in the member list in this or the other groups, or change the priority sequence between overlapping groups. This is described in detail in the user guide.

 

Cause 4

The action was rejected at the function, library or object levels. Use the audit log to investigate the event as described in cause 1, above, then examine the options of the relevant server permissions at the function, library and object levels. Remember that the permissions are taken from the system defaults if they are not specifically defined elsewhere - see the section on permissions for more information.

Solution 4

Make any required changes in the function, library or object level permissions.

 

7.            No alerts are received from the IDS.

 

Cause 1

The Alert Server is not running. If the Alert Server is running, you should see an icon on the system tray.

Solution 1

Start the Alert Server as described in the user guide.

 

Cause 2

The Alert Collector is not running. If the Alert Collector is running, you will see the active job BSFICOL in the QSYSWRK sub-system.

Solution 2

Start the Alert Collector as described in the user guide.

 

Cause 3

There is no connection between the PC and the iSeries. Go to the “green screen” manager, to the Application IDS menu, and select Send Test Message as described in the user guide. You should then see the test message in the Alert Server Monitor (on the PC). If no test message is printed in the Alert Server Monitor, check the IP address and port definitions in the IDS manager (configure alert server button) and the port definition in the Alert Server – the two port definitions should be identical. Repeat for the System Audit IDS menu.

Solution 3

Make any necessary changes in the port definitions.

 

Cause 4

The Alert Collector fails to submit the Send Alert job. See if there are any messages in the job BSFICOL in the QSYSWRK sub-system.

Solution 4

Report any messages found to technical support.

 

8.            The Alert Server fails to send a mail alert.

 

Cause

The mail properties in the Alert Server are not set up properly.

Solution

Set up the mail properties in the Alert Server according to the directions in the user guide.

 

9.            The list of users is empty.

 

Cause

The coded character set identifier (CCSID) value of the file SAUSRP does not match the system value QCCSID.

Solution

Issue the following command from the OS/400 command line:

CHGPF RMTFIL/SAUSRP CCSID(XXXXX)

(where XXXXX is the value specified in the QCCSID system value).

 

10.        The Enterprise Security Manager doesn't respond.

 

Cause

There may be a message waiting on the iSeries (AS/400). Use the WRKACTJOB JOB(BSAFEINST)  command to check if one of the BSAFEINST jobs is waiting on a message.

Solution

Act according to the message content. If it is unclear, report the message to customer support.

 

11.        Enterprise Security is activated but entries are not being recorded in the log.

 

Cause 1

Certain essential services on the iSeries were not restarted following installation of Enterprise Security.

Solution 1

Restart TCP/IP and the Qserver sub-system after installation. Use the following commands:

 

ENDSBS QSERVER OPTION(*IMMED)

STRSBS QSERVER

STRHOSTSVR SERVER(*DATABASE)

STRHOSTSVR SERVER(*FILE)

 

Cause 2

The Enterprise Security optimizer is activated.

 

Solution 2

The optimizer is a means of reducing the degree of logging of network activity to bring about an improvement in product performance. The default value for optimization at installation time is on (reduced logging) but this may be changed at any time for the appropriate servers on the system defaults screen. A full discussion of the optimizer can be found in the on-line Help and User Guide.

 

 

12.        After restricting port 21 (FTP) to specific users no-one can use FTP (not even the specified users).

 

Cause

The system reaction to restrictions on well-known ports (0 through 1023) is unpredictable. We strongly recommend not applying any restrictions to this range of ports. Port restrictions are effective only for ports outside this range, used by customer applications. For example, if port 23 is restricted to some user other than QTCP, the Telnet server simply won’t start. When port 23 is restricted to QTCP, it doesn't matter what other specific users are also in the list - all users are allowed to use Telnet.

Solution

Do not apply restrictions to ports in the range 0 through 1023.

 

13.        There are groups missing from the “Priority level between overlapping groups” screen.

 

Cause

In the “Priority level between overlapping groups” screen you can see only those groups which contain users appearing in more than one group. In other words, if you don't see groups in that screen, each user belongs to one group only.

Solution

There is no problem. No users appear in more than one group.

 

14.        I get an error message “BSG0110. Not valid time”.

 

Cause

An Enterprise Security bug appearing when the time separator in the Windows definition is set to ‘.’ (dot).

Solution

Bug corrected in versions v.3.2.1.1 and later.

 

 

15.        The print preview is blank when it should contain data.

 

Cause

The same problem as 14, above. An Enterprise Security bug appearing when the time separator in the Windows definition is set to ‘.’ (dot).

Solution

Bug corrected in versions v.3.2.1.1 and later.

 

16.        Permissions are defined at the chosen level but the icon displayed beside the user ID in the user ID account listing on the Enterprise Security Manager is not what has been defined. The permissions being used are not the ones wanted.

 

Cause

Permissions have been defined at two or more different priority levels for a user.  

 

Solution

The following description must be understood fully.

 

User permissions may be defined for the user at a number of different levels. These include user ID, group profile, generic name and user group and the default level – the system defaults. An additional level is the IP address.

 

User permissions may be defined at several or even all of these levels at one and the same time. However, only one set of permissions will be active for a user at any one time – the active permission set is that with the highest priority. If permissions have not been specifically defined for a user at any level then the system policy will apply for that user. If, on the other hand, a user has specific permissions defined at the user ID, group profile, generic name or user group level, then these will be adopted accordingly, the appropriate icon being displayed beside the user ID in the user ID account level display. This can be seen in the Enterprise Security Manager.

 

We recommend making use of the User Group as the primary method of permissions definition. For information see the Enterprise Security User Guide topics The Enterprise Security Manager, Access Security Policy,  Account Type Priority and Assigning User Permissions.

 

 

 

17.        After deactivating Enterprise Security, a job named BSFICOL in subsystem QSYSWRK remains active. It is re-run each time as an auto-start job.

 

Cause

This is the alert collector. It must be deactivated specifically.

Solution

After deactivating the product, go to alert collector in the green screen and select the stop alert collector option. This should be done before upgrading the version or uninstalling the product.

 

 

18.        After deleting the product libraries, we have problems with users not being able to connect.

Cause

The Enterprise Security product must be uninstalled correctly, using the detailed instructions provided.

Solution

If the libraries have already been removed, they should first be restored in order to proceed with the uninstall process. Once you have done this, follow the uninstall instructions which may be found in the Enterprise Security on-line user guide, provided with the product and also on the Enforcive website.

 

19.        The IBM-supplied user profile QYPSJSVR is not shown in Enterprise Security either in the list of user-ID accounts or in the user profile manager.

Cause

You have recently upgraded your version of OS/400 to V5R2 but have not refreshed the user list.

 

Solution

Go to the Commands menu in the Enterprise Security Manager and select the Retrieve User List From System option. After completion of this task, click the Refresh button under the Accounts window on the main screen and you will see this user in the list.

 

20.        We received an error message MCH3203 when installing the product.

Cause

This is an internal OS/400 error, normally fixed by applying the appropriate PTFs.

 

Solution

Apply the recommended PTFs. Seek assistance from IBM support or through the IBM.

 

21.        I don’t see where the allow change password takes effect.

Cause

This option is designed for the password change prompt when making the initial Telnet connection through client access. If the system determines a password change is required, Client Access will request the new password. Once the sign-on screen is displayed, the initial Telnet connection has already been passed.

 

Solution

By setting the Enterprise Security Allow Change Password option to No, Client Access will not display this prompt when connecting to Telnet.

 

 

22.        We are experiencing degradation in performance since starting to use the product.

Cause

The Optimizer is switched off for certain server applications being accessed intensively, for example in batch-type processing. The optimizer is a means of reducing the degree of logging of network activity to bring about an improvement in product performance. The default value for optimization at installation time is on (reduced logging) but this may be changed at any time for the appropriate servers on the system defaults screen. A full discussion of the optimizer can be found in the on-line Help and User Guide.

 

 

Solution

Set the Optimizer on for the server application by going to the system defaults screen and marking the appropriate optimizer checkbox.

 

23.        When using the Domino HTTP server or the Apache HTTP Server instead of the OS/400 HTTP server we cannot run the Enterprise Security PC client (GUI).

 

Cause

The Enterprise Security PC client (GUI) is designed to run on the OS/400 HTTP server, even though the native green-screen component will run without problems.

 

Solution

Running the Enterprise Security instance under any other HTTP server would need to be configured manually. However, the OS/400 HTTP server should have no problem coexisting with either the Apache or Domino HTTP server. You can then run the BSAFEINST instance under the original server and any other instances under Apache or Domino, as long as you provide BSAFEINST with a unique port number. More information may be found on the IBM website at the following URL:

http://www-1.ibm.com/servers/eserver/iseries/domino/buysell/tools_4.htm

 

 

24.        When running Telnet logon, one or more occurrences of RMTCMD appear in the Application Audit – why?

Cause

This is a problem unrelated to Enterprise Security, but rather due to an outdated installation of IBM Client Access on your PC client.

 

Solution

The appropriate service pack must be downloaded from the IBM website and installed accordingly. The following link should assist you. http://www-1.ibm.com/servers/eserver/iseries/navigator/srvpck.html

 

 

25.        After restoring the Enterprise Security libraries we are encountering problems

 

Cause

The authorities to the libraries have been changed in the restoration process.

 

Solution

After restoration, re-run the Enterprise Security installation program, CALL PGM(RMTOBJ/SATKNAC)

This is discussed in the full installation guide, which appears on the website and in the Enterprise Security user guide.

 

26.        There are a number of unrecognized actions in the Application Audit, among them Allocate Conversation, List File Attributes and Open Stream file

 

Cause

Allocate Conversation and the other operations mentioned are server requests made when accessing the OS/400 file server. This is quite normal and occurs in many situations of remotely accessing OS/400 resources.

 

One example of this is when you use Microsoft Excel to open a file residing on the iSeries IFS. In this case, the Allocate Conversation request is the first of several different requests made – it is followed by List File Attributes and Open Stream file requests.

 

Solution

There is not a problem.


27.        After upgrading to a newer release of the product, we had access problems with the database server and file server.

Cause

The last stage of the upgrade process is to restart the QSERVER/QUSRWRK sub-systems. Until this is done the Enterprise Security will prevent access to the Database server and File server. It is therefore clearly recommended in the upgrade instructions to begin the upgrade process only when QSERVER may be restarted straight away.

 

Solution

If, however, the upgrade has been completed and the restart cannot be carried out immediately, you must de-activate these two servers until this can be done. See the upgrade instructions on the website or in the user guide for details of how to do this.

 

28.        The "Sign-on attempts not valid" field on the Password Status inquiry does not correctly reflect the number of invalid password attempts made.

Cause

You have perhaps misunderstood the purpose of this field.

 

This user profile parameter displays the number of invalid sign-on attempts since last successful sign-on and it cannot be more than the value specified for the system value QMAXSIGN (maximum sign-on attempts allowed). You can see it also when executing the DSPUSRPRF for the user, in the Sign-on attempts not valid parameter.

 

Solution

There is not a problem.

 

29.        The list of users on the GUI main screen is empty even though previously it appeared OK. It happened after we received error MCH3601 in the BSAFEINST / BSFAPCH job.

Cause

This is a problem found on V5R2 of OS/400 only and is due to a problem in the IBM software. An error of type MCH3601 from module SQLTR appears in the BSAFEINST or BSFAPCH job; following this, the list of users is no longer seen on the GUI main screen.

 

Solution

Apply the following IBM PTFs: SF99502 group level 17, SF99098 group level 16 and SI17237.

30.        We cannot start our AS/400 Java shell. We get message JVAB53A – Unable to Start JAVA shell, Reason code 1: Failed to create a Shared memory segment.

Cause

This is not a problem of Enterprise Security.

Qshell is a command environment based on POSIX and X/Open standards. It consists of two parts:

·         The shell interpreter (or QSH) is a program that reads commands from an input source.

·         The utilities (or commands) are external programs that provide additional functions.

Qshell provides an extensible command environment that allows you to:

·         Manage files in any file system supported by the Integrated File System.

·         Run threaded programs that do thread-safe I/O to and from an interactive session.

·         Write shell scripts that can be run without modification on other systems using a cross-platform command language.

 

Solution

 

  1. Check the system value QSHRMEMCTL (Shared Memory Control) and set the value to '1' (shared memory allowed).

 

  2. Use the command GO QSH or execute the command STRQSH; this will start the shell interpreter command entry screen.

 

  3. Use the command GO CMDJVA to display the Java commands available on iSeries.

 

  4. Check the permissions (FTP Server, FTP Client, File Server) for the existence of IFS restrictions on the directory in which the Java program operations are being attempted.

 

 

31.        When attempting to work with the System Auditing journal, the message ID CPF7003 with error code 1 appears on the screen.

Cause

The currently attached journal receiver is full and the system journal is defined to manage receivers manually. 

Solution

Change the attached receiver for system journal. This can be done from the GUI main screen by clicking on the System Journal Audit icon > Receivers button > Change.

Alternatively, you can issue the following command from iSeries green screen:  CHGJRN JRN(QAUDJRN) JRNRCV(*GEN)

 

32.        After defining permissions, the event is not handled as expected. It is either rejected when it should be allowed, or vice versa.

Cause

This is normally caused by duplicate permissions definitions (in different accounts) where the actual permissions used are defined with a higher priority than those you expect. A common occurrence is where permissions are defined both at the User ID level and also at the user group level. In other cases, the user may appear in two different user groups.

Solution

First check which permissions were used in the handling of the event. Enter the Application Audit and double click on the relevant event to see the Class parameter. This is the permissions set actually used and can be user ID, group profile, generic name, a specific user group or system policy. Once the ‘offending’ account has been identified, its permissions can be deleted, so the next event of this kind will use the expected definition. If the user ID permissions are not required, click on ‘Clear’ to remove the definitions set. If the user appears as a member in more than one user group, that user may be removed as required using the Group Manager.
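
The precedence rule behind issues 6, 16 and 32 can be modelled in a few lines to see which definition wins and which ones it shadows. This is an added example, not Enterprise Security's own code: the `Policy` layout, the function names and the ALLOW/REJECT strings are hypothetical, the "user profile" level of issue 6 is read here as the group profile, and overlapping user groups are assumed to be listed in their configured priority sequence.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network

# Account types in increasing priority, as listed under issue 6.
# GROUP_PROFILE is this example's reading of the "user profile" level.
PRIORITY = ["SYSTEM_DEFAULTS", "ADDRESS_RANGE", "USER_GROUP",
            "GENERIC_NAME", "GROUP_PROFILE", "USER_ID"]


@dataclass
class Policy:
    system_default: str                                   # "ALLOW" or "REJECT"
    user_ids: dict = field(default_factory=dict)          # user ID -> decision
    group_profiles: dict = field(default_factory=dict)    # group profile -> decision
    generic_names: dict = field(default_factory=dict)     # e.g. "PAY*" -> decision
    user_groups: list = field(default_factory=list)       # (name, members, decision)
    address_ranges: dict = field(default_factory=dict)    # CIDR -> decision
    address_range_highest: bool = False                   # option noted in issue 6


def applicable(policy, user, group_profile, ip):
    """Every definition that matches the request, as (class, account, decision)."""
    found = [("SYSTEM_DEFAULTS", "*DEFAULT", policy.system_default)]
    for cidr, decision in policy.address_ranges.items():
        if ip_address(ip) in ip_network(cidr):
            found.append(("ADDRESS_RANGE", cidr, decision))
    for name, members, decision in policy.user_groups:
        if user in members:
            found.append(("USER_GROUP", name, decision))
    for pattern, decision in policy.generic_names.items():
        if fnmatchcase(user, pattern):
            found.append(("GENERIC_NAME", pattern, decision))
    if group_profile in policy.group_profiles:
        found.append(("GROUP_PROFILE", group_profile,
                      policy.group_profiles[group_profile]))
    if user in policy.user_ids:
        found.append(("USER_ID", user, policy.user_ids[user]))
    return found


def resolve(policy, user, group_profile, ip):
    """Return (winning definition, shadowed definitions) for one request."""
    order = list(PRIORITY)
    if policy.address_range_highest:
        order.remove("ADDRESS_RANGE")
        order.append("ADDRESS_RANGE")
    found = applicable(policy, user, group_profile, ip)
    # max() keeps the first of equal candidates, so the first-listed
    # overlapping group wins within the USER_GROUP class.
    winner = max(found, key=lambda c: order.index(c[0]))
    return winner, [c for c in found if c != winner]


def demo():
    """Constructed accounts illustrating issue 32 and issue 6, cause 3."""
    both_levels = Policy("REJECT", user_ids={"PAYCLERK1": "REJECT"},
                         user_groups=[("FTP_USERS", {"PAYCLERK1", "OPS1"}, "ALLOW")])
    two_groups = Policy("REJECT",
                        user_groups=[("CONTRACTORS", {"PAYCLERK1"}, "REJECT"),
                                     ("FTP_USERS", {"PAYCLERK1"}, "ALLOW")])
    return {
        "user_id_over_group": resolve(both_levels, "PAYCLERK1", "PAYGRP", "10.1.2.3"),
        "overlapping_groups": resolve(two_groups, "PAYCLERK1", "PAYGRP", "10.1.2.3"),
    }


if __name__ == "__main__":
    for case, (winner, shadowed) in demo().items():
        print(case, "-> Class used:", winner, "| shadowed:", shadowed)
```

The winning tuple's first element corresponds to what the Class parameter reports for the event; the shadowed list is where the definition the administrator expected to apply will usually be found.
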

 

 

33.        Cannot see signon/signoff events in the Application Audit even though OS/400 Signon is activated.

Cause

This logging function requires IPL of your iSeries to take effect.

Solution

Check again following IPL of your system.

 

34.        The message “OS version not supported yet” is given in System Audit.

Cause

The installed version of the product has not yet been updated with the latest OS system journal definitions update.

Solution

Contact support to receive the necessary update.

 

35.        The message “Triggers prevent requested operation” is displayed when activating field masking for file.

Cause

The file in question uses triggers and so cannot be used for field masking.

Solution

Contact support to check if an update is available for this problem.

 

 

36.        Object not found in library RMTOBJ while attempting to IPL from a SAVSYS backup.

Cause

The SAVSYS backup was done while certain exit programs were active. This applies only to versions between 5.5.2 and 7.0.

Solution

Repeat the SAVSYS backup but first deactivate the exit programs by running the option Maintenance > Commands Menu > Deactivation before SAVSYS, or by running the command RMTOBJ/BSFINAC. No parameters are necessary and it may be run interactively or as part of a batch job. If you run the SAVSYS via a CL program, you can hardcode the command into it. This is not a one-time action but something that is required every time the SAVSYS system backup is performed.

 

If this option does not exist in your menu or if the command RMTOBJ/BSFINAC is not found, you can download and install PTF AP55232 to receive them (If there is a cumulative PTF released after 16th April 2008, this may be downloaded and installed instead). All product PTFs can be downloaded from the Customer Center. After the system backup (SAVSYS) you must reactivate the Enterprise Security exit programs as described in the implementation instructions.

 

If the above steps don’t help, contact support for assistance.

 

See also issue 39, below.

 

37.        Problems when attempting to print the user guide.

Cause

Printing errors when attempting to print the user guide. There are a number of errors which are known to occur when attempting to print parts of or all of the user guide from the online CHM file. These include the non-printing of certain pictures, truncation of pages, failure to print on network printers and error messages. They are the result of unpredictable behaviour of CHM help files when printing.

Solution

Use the PDF version of the user guide for the purpose of printing. This can be downloaded from the website. Go to the Technical Support page then click on Enterprise Security User Guide and Help (PDF File Format). Note that this is a large file – around 100Mb.

 

 

38.        SQL Statement Audit – Information Missing 

Cause

Sometimes, information is missing from the SQL statement audit. This can be the user name, IP address or the field values in the SQL statement itself.

Solution

The user name and IP address information are only given when the database activity is the result of ODBC or RMTSQL requests. In addition, in the Application Access Control definitions, DDM must be activated and the logging level for this application server must be defined as “ALL” in the System Policy screen. Note that interactive SQL requests originating from the native environment do not carry this information. Field values in the SQL statement are not available in the audit; they are displayed as question marks. This is a limitation of the OS/400 operating system.

 

39.        Objects in RMTOBJ not found when running system commands following restore from SAVSYS

Cause

The SAVSYS backup was done while certain Enterprise Security exit programs were active. Product versions 5.5.2 to 7.0 only.

Solution

Repeat the SAVSYS backup but first deactivate the exit programs by running the option Maintenance > Commands Menu > Deactivation, or by running the command RMTOBJ/BSFINAC. No parameters are necessary and it may be run interactively or as part of a batch job. If you run the SAVSYS via a CL program, you can hardcode the command into it. This is not a one-time action but something that is required every time the SAVSYS system backup is performed.

 

If this option does not exist in your menu or if the command RMTOBJ/BSFINAC is not found, you can download and install PTF AP55232 to receive them (If there is a cumulative PTF released after 16th April 2008, this may be downloaded and installed instead). All product PTFs can be downloaded from the Customer Center. After the system backup (SAVSYS) you must reactivate the exit programs as described in the implementation instructions.

 

See also issue 36, above.

 

 

40.        SAT – Security Assessment Tool. Reported results of network access do not refresh after making changes to network permissions

Cause 1

You clicked on the Refresh OS400 Report button rather than Test network access including OS/400 report or Run Again.

Solution 1

Click on Test network access including OS/400 report or Run Again.

 

Cause 2

The change you made in the permissions definitions did not affect the permissions of the user you are using for the network access test.

Solution 2

1.      First recheck the Application Access Control permissions for the user you used for the assessment.

2.      To be sure, select Windows Start > Run then enter the first command displayed in the Command column of the report. (i.e. ftp…). Enter the user and password you used for the assessment.

3.      If the connection result on the previous step is not what you expected, the report is OK - recheck your permissions definitions.

4.      If the connection result on the previous step is what you expected and the report does not reflect this result, view the file run_log.log in the product install folder. If the reason cannot be found in the log, send it to support, with an explanation of the preceding events.

 

 

41.        SAT – Security Assessment Tool. The "Connection Cannot be Made" message is displayed when running the "Test network access including OS/400 report" option

Cause 1

The admin user entered (after the user to be tested) does not have high enough object authority or is blocked by exit programs from accessing ODBC. Blocking by exit programs applies to power users like QSECOFR just like any other user.

Solution 1

Check the admin user is not blocked from accessing the Database (ODBC) server. One way you can check this is by running SQL scripts in Operations Navigator, using the admin user ID. When you are satisfied the admin user can successfully perform database operations, repeat the assessment.

 

Cause 2

The installation was not fully completed because the code was not updated at installation time.

Solution 2

1.      Uninstall the server software by running setup.exe from the c:\bsaferisk folder, then choosing uninstall.

2.      Reinstall by following the instructions, step by step, in the readme file in the c:\bsaferisk folder.

3.      Run the assessment, as described in the readme file, referred to above.

4.      If this does not solve the problem, please send the two files srv_set_log.log and run_log.log in the product install folder to support, with an explanation of the preceding events.

 

 

42.        Clear log file function completed but the log file size not reduced

Cause

The Clear Log function (or Clear Backup Log) was submitted with the parameter Reorganize Log set to No.

Solution

Rerun the Clear Log function (or Clear Backup Log) with the parameter Reorganize Log set to Yes.

 

43.        Backup job failure – messages CPD387E, CPFA09E or CPF3761 received for object *DTAARA BSRUNJOBID in RMTFIL

Cause

The Enterprise Security alert collector jobs are interfering with the backup.

Solution

You should run or schedule the following commands to run before the daily backup:

 

Stop system alert collector

CALL PGM(RMTSMP/BSYSALRMNT) PARM('3')

 

Stop application alert collector

CALL PGM(RMTSMP/BSFIINSCL) PARM('ST')

 

You should run or schedule the following commands to run after the daily backup:

 

Start system alert collector

CALL PGM(RMTSMP/BSYSALRMNT) PARM('2')

 

Start application alert collector

SBMJOB CMD(CALL PGM(RMTSMP/BSFICOLCL)) JOB(BSFICOL) JOBD(BSFISTRCOL) INLLIBL(*JOBD)          
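The commands above can be combined into one CL wrapper so that the alert collectors are restarted even when the backup step fails and monitoring is not left stopped. This is an added example, not vendor code; the backup command, the device name TAP01 and the variable &FAILED are assumptions to be replaced with your own values.

```cl
/* Added example: wrapper for the daily backup (not vendor code).   */
/* SAVLIB, TAP01 and &FAILED are assumptions; substitute your own   */
/* backup command and device.                                       */
PGM
  DCL VAR(&FAILED) TYPE(*LGL) VALUE('0')

  /* Stop system alert collector                                    */
  CALL PGM(RMTSMP/BSYSALRMNT) PARM('3')

  /* Stop application alert collector                               */
  CALL PGM(RMTSMP/BSFIINSCL) PARM('ST')

  /* Placeholder backup step. Any CPF escape message is trapped so  */
  /* that the restart commands below always run.                    */
  SAVLIB LIB(*ALLUSR) DEV(TAP01)
  MONMSG MSGID(CPF0000) EXEC(CHGVAR VAR(&FAILED) VALUE('1'))

  /* Start system alert collector                                   */
  CALL PGM(RMTSMP/BSYSALRMNT) PARM('2')

  /* Start application alert collector                              */
  SBMJOB CMD(CALL PGM(RMTSMP/BSFICOLCL)) JOB(BSFICOL) +
           JOBD(BSFISTRCOL) INLLIBL(*JOBD)

  /* Report the backup failure only after the collectors are back   */
  IF COND(&FAILED) THEN(SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
           MSGDTA('Backup failed; alert collectors restarted') +
           MSGTYPE(*ESCAPE))
ENDPGM
```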

  

44.        Failure when attempting to start the Enterprise Security Apache HTTP server instance. System message returned: TCP7406 - Problem detected with instance file QATMHINSTC in library QUSRSYS (only for OS/400 V5R3 or later)

Cause

The definition has been removed.

Solution

Recreate by executing the following commands at the command line:

CALL PGM(RMTOBJ/CRTAPCH)  parm(' ')

RNMOBJ OBJ(RMTSMP/DB2WWW) OBJTYPE(*PGM) NEWOBJ(DB2WWWJN)

(It is okay if this object is not found.)

CRTDUPOBJ  OBJ(DB2WWW) FROMLIB(QHTTPSVR) OBJTYPE(*PGM) TOLIB(RMTSMP) NEWOBJ(DB2WWW)

GRTOBJAUT  OBJ(RMTSMP/DB2WWW) OBJTYPE(*PGM) USER(*PUBLIC) AUT(*USE)

 

45.        After running the Uninstall option from the main menu, some Enterprise Security exit programs remain active

Cause

The option contained a bug in the original version 5.6.

Solution

This was fixed in version 5.6, PTF CUM56001. It is included in all subsequent cumulative PTFs as well. PTFs can be downloaded from the Customer Center.

 

46.        In the report generator, there doesn't seem to be an option for program information.

Cause

This report type was lacking in the original version 5.6.

Solution

This report type was added in version 5.6, PTF CUM56001. It is included in all subsequent cumulative PTFs as well. PTFs can be downloaded from the Customer Center.  

 

47.        The date is incorrect in the report generator when exporting to Excel

Cause

A bug in the original version 5.6.

Solution

Fixed in version 5.6, PTF CUM56002. It is included in all subsequent cumulative PTFs as well. PTFs can be downloaded from the Customer Center.  

 

48.        Replication of user profile failed.

Cause

A bug in the original version 5.6. Certain cases like the presence of the apostrophe character in the user name or users who are part of a group profile caused failure in the process.

Solution

Fixed in version 5.6, PTF CUM56002. It is included in all subsequent cumulative PTFs as well. PTFs can be downloaded from the Customer Center.

49.        Object locks encountered when running the activation command BSFACTV

Cause

A bug in the original version 5.6.

Solution

Fixed in version 5.6, PTF CUM56001. It is included in all subsequent cumulative PTFs as well. PTFs can be downloaded from the Customer Center.

50.        Following the deactivation of the exit programs and the completion of the SAVSYS backup, we cannot reactivate only the exit programs which were active before the deactivation.

Cause

This problem applies to Enterprise Security versions 5.5.2 to 7.0 only.

Solution

Upgrade to the latest version.

 

51.        In the System Audit, when using the User parameter to filter the results of an invalid password event (*AUTFAIL/PW), no results are shown

Cause

The information is not readily available from the operating system.

Solution

In the System Audit on-line inquiry, the User parameter cannot be used for this event type as the information is not readily available from the operating system. It is available, however, in the System Audit reports which take longer to run (in batch) but analyze the audit events to retrieve this information.

 

52.        Cannot login to the Enterprise Manager. Message given that the user does not have sufficient authority ("Secadm authority required"), but user has all necessary authorities

Cause

A bug in the original version 5.6.

Solution

Fixed in version 5.6, PTF CUM56002. It is included in all subsequent cumulative PTFs as well. PTFs can be downloaded from the Customer Center.

 

 

53.        I’ve selected a “Company Logo” and I want to remove it.  How do I remove my selected “Company Logo” image?

Cause

No remove option available.

Solution

Please do as follows:

 

1. Exit the Enterprise Security Manager

2. Go to the Enterprise Security Manager installation directory (default - C:\Program Files\BsafeSolutions\BsafeiSeries)

3. Open file BsafeiSeriesLogon.ini using Notepad or another text editor.

4. Delete lines:

                        [cust_logo]
                        file_path=%file%.bmp

5. Save and exit Notepad.

 

Note: in the next GUI build we will add two new options:

1.  Clear logo - no logo will be displayed in the report

2.  Set default logo – our default logo will be displayed

 

 

54.        Following replication of user profile in the user profile manager, a message is given that the replication failed even though the operation was successful

Cause

A bug in the original version 5.6.

Solution

Fixed in version 5.6, PTF CUM56003. It is included in all subsequent cumulative PTFs as well. PTFs can be downloaded from the Customer Center.

 

55.        Object lock problems encountered when accessing via the database (ODBC) server

Cause

A bug in the original version 5.6.

Solution

Fixed in version 5.6, PTF CUM56003. It is included in all subsequent cumulative PTFs as well. PTFs can be downloaded from the Customer Center.  

 

56.        FTP Login failing when long passwords used

Cause

A bug in the original version 5.6.

Solution

Fixed in version 5.6, PTF CUM56003. It is included in all subsequent cumulative PTFs as well. PTFs can be downloaded from the Customer Center.  

 

57.        Report Generator – system audit report type columns object and library empty

Cause

A bug in the original version 5.6.

Solution

Fixed in version 5.6, PTF CUM56003. It is included in all subsequent cumulative PTFs as well. PTFs can be downloaded from the Customer Center.

 

58.        Report Generator – date formatting incorrect

Cause

A bug in the original version 5.6.

Solution

Fixed in version 5.6, PTF CUM56003. It is included in all subsequent cumulative PTFs as well. PTFs can be downloaded from the Customer Center.

 

59.        Report Generator, application audit report type – report not produced in report viewer when both spool and report viewer options are marked

Cause

A bug in the original version 5.6.

Solution

Fixed in version 5.6, PTF CUM56003. It is included in all subsequent cumulative PTFs as well. PTFs can be downloaded from the Customer Center.

 

60.        File server activity running slow

Cause

File server exit program action working inefficiently in original version 5.6.

Solution

Fixed in version 5.6, PTF CUM56003. It is included in all subsequent cumulative PTFs as well. PTFs can be downloaded from the Customer Center.

 

61.        Database server permissions not working correctly when used with object groups

Cause

A bug in the original version 5.6.

Solution

Fixed in version 5.6, PTF CUM56003. It is included in all subsequent cumulative PTFs as well. PTFs can be downloaded from the Customer Center.

 

62.        Alert center failure when QTEMP in library list

Cause

A bug in the original version 5.6.

Solution

Fixed in version 5.6, PTF CUM56003. It is included in all subsequent cumulative PTFs as well. PTFs can be downloaded from the Customer Center.

 

63.        The installation of the Enterprise Security Manager terminates with error message "Can't run 16-bit Windows Program. Cannot find file..."

Cause

Your Windows installation is set to ignore short paths.

Solution

Temporarily enable short paths and reinstall, as follows:

 

1.      Delete the folder extracted (unzipped) from the downloaded installation file. Do not delete the downloaded file ClientSetupxx.zip (xx is the version number).

2.      Enter the Windows Registry Editor by clicking Start > Run, then type regedit <Enter>

3.      Navigate to the path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem.

4.      Double click on the parameter NtfsDisable8dot3NameCreation. In the window that opens, replace the value 1 with 0 and click OK.

 

5.      Restart your computer.

 

6.      Repeat the installation, including the step of extracting (unzipping) the installation folder from the downloaded installation file.

 

7.      After the installation has completed successfully, repeat step 3 above. When the path has been found, change the value data back to 1, click OK to save, and restart your computer to restore the prior definitions.

 

 

64.        Installation Program Exits Unexpectedly

Cause

Library QTEMP is absent from the user library list. As a result, display file SATKNAD1 is not found and the installation program fails.

Solution

Make sure the QTEMP library is included in the user library list before running the install program.

 

65.        Cannot logon to the GUI – message received: “HTTP/1.1 500 Internal Server Error”

Cause

Insufficient public authority for system object QHTTPSVR/QZHBCGI, type *SRVPGM

Solution

Make sure the *PUBLIC user has *USE authority for this object.

 

66.        “File…is currently in use” message displayed when exporting report to pdf or csv

 

Cause 1

The file specified is open.

Solution 1

Close the file and try again.

 

Cause 2

Enterprise Security needs to be run with administrator rights.

Solution 2

 

67.        When exporting to PDF or CSV files, the file produced is not what was expected.

 

Cause

The same causes as the previous problem.

Solution

The same solutions as the previous problem.

 

68.        Slow sign on to the Enterprise Security Manager.

 

Cause

Not enough memory has been allocated to the QHTTPSVR subsystem.

Solution

Allocate 300Mb or more to QHTTPSVR. Instructions for doing this can be found on the IBM website:

http://www-01.ibm.com/support/docview.wss?uid=nas15dad678a505873f58625741a005f8134

 

69.        Failures after transferring Enterprise Security objects to another computer, due to lack of authority

 

Cause

Enterprise Security objects have been transferred from one computer to another without granting the appropriate authority on the target computer, resulting in failures due to objects without sufficient authority there.

Solution

Grant object authority as required, to prevent authority errors and other unexpected results.