Using TSM Power Administration

[okriss]

Hello,

Have anybody ever used this app for reporting TSM server (schedules...etc)?
I am facing a problem and i cannot solve it...

We use the Free version just for reporting....
TSM: SP 8.1.11 on server 2016
report server: win10 (5.5 management console installed, which was used for reporting, the last tsm 7.1.6)

The PA cannot connect to a TSM server...
It runs a script, which would connect to the TSM server. BUT there is a parameter -testflag=noaes...
The tsm server has "Encryption Strength: AES" which forcing the AES encryption, but the app want to go without it.
The TSM server cert have been added to the client and I can connect with the dsadmc, I can make query...etc.

How can I solve it?
Can I change the "Encryption Strength: AES" to...NO...or something else?

Do you have any suggestion for reporting TSM 8.1.11?
What do you use?

Thank you for your help!

 

[cilesiz]

Hi,
replace dsmadmc.exe binary with the newest Version 8.1.11

 

[okriss]

Hi,
replace dsmadmc.exe binary with the newest Version 8.1.11

Hello,

I have already installed the latest...I have upgraded first, but after uninstalled and cleaned everything from the programfiles and program data and made a clean install.
Nothing happened....same error....

 

[marclant]

If you have a current client installed now, you should not need -testflag=noaes. Also you can try update the sessionsecurity for that admin to transitional. Upon a successful login, it should change to strict.

And finally, test dsmadmc outside Power Administrator and make sure that it can work by itself first.

 

[okriss]

If you have a current client installed now, you should not need -testflag=noaes. Also you can try update the sessionsecurity for that admin to transitional. Upon a successful login, it should change to strict.

And finally, test dsmadmc outside Power Administrator and make sure that it can work by itself first.

Hello,

I have already tried it. I can connect with dsmadmc... After the connection, the sessionsec turn to strict.
But I cannot connect with the PA (even if the sessionsec=trasitional). The testflag=noaes a built-in script, I cannot change that...
I made a try and I can connect to the 7.1.3 server, but the 8.1.x forcing the ssl....
Any idea?

thank you!

 

[marclant]

Starting at 7.1.8 and 8.1.2, authentication is done via SSL only. And switching to strict is normal and expected after a successful connection from a 7.1.8+ or 8.1.2+ client.

If you use an older client, it may work, but you will need to switch that admin to transitional and not use it on another machine with a newer client. A dedicated admin ID might be a better choice. I see your using the default admin account, that would give any security experts nightmares.

is it possible PA uses its own version of dsmadmc which could be older?

 

[marclant]

Have you also tried to also invoke dsmadmc with the full PA command from your earlier screenshot? If not you should. If it works, then talk to PA support. If not, try without the testflag. If it works, talk to PA support.
If it doesn’t work either way, report back.

 

[marclant]

I tested for fun. You cannot use -testflag=noaes with a current server level. I get the same error as you if I do it manually with that testflag. So you will have to edit the scripts and remove that option.

 

[okriss]

I tested for fun. You cannot use -testflag=noaes with a current server level. I get the same error as you if I do it manually with that testflag. So you will have to edit the scripts and remove that option.

Hello,

Yeeeeees, clearing the testflag would solve my problem, but i cannot find the script.
If I run a test, it will create a folder with the TSM server ip and place here some file. One of them is a script...
I have modified that script (deleting the testflag), but if I run again the test, I will get the same error.
It will try again with the testflag.... So, not that script is being used what was modified by me.
Very strange!

Do you have any experience with any other reporting solution? The OC reporting is not enough...

Thank you!

 

[okriss]

Starting at 7.1.8 and 8.1.2, authentication is done via SSL only. And switching to strict is normal and expected after a successful connection from a 7.1.8+ or 8.1.2+ client.

If you use an older client, it may work, but you will need to switch that admin to transitional and not use it on another machine with a newer client. A dedicated admin ID might be a better choice. I see your using the default admin account, that would give any security experts nightmares.

is it possible PA uses its own version of dsmadmc which could be older?

Hello,

Yes, I have created a user for reporting. I tried with admin, because I had thought maybe the privileges cause the problem.

If I downgrade the client for 7.x.x client...and I set the sessionsec=transitional for report user.....the tsm server wont force the ssl?
I found this in the status: Encryption Strength: AES Can I change it? ....I think it would be a bad idea....

 

[marclant]

If I downgrade the client for 7.x.x client...and I set the sessionsec=transitional for report user.....the tsm server wont force the ssl?

It has to be lower than 7.1.8 or lower than 8.1.2, and no it won't force SSL because the client is not SSL aware at those levels. Given that 7.1 is going out of support this year, may as well go with a 8.1 level lower than 8.1.2.

I found this in the status: Encryption Strength: AES Can I change it? ....I think it would be a bad idea....

You cannot disable SSL encryption of the authentication, you can only go at a level below where it was introduced. You can alter the encryption type for file backups though.

 

[okriss]

It has to be lower than 7.1.8 or lower than 8.1.2, and no it won't force SSL because the client is not SSL aware at those levels. Given that 7.1 is going out of support this year, may as well go with a 8.1 level lower than 8.1.2.

You cannot disable SSL encryption of the authentication, you can only go at a level below where it was introduced. You can alter the encryption type for file backups though.

Ok!
Thank you! I will install the 7.1.8...and make a try! I hope it will work.
I ll be back!

 

[marclant]

Ok!
Thank you! I will install the 7.1.8...and make a try! I hope it will work.
I ll be back!

No, lower.

 

[okriss]

No, lower.

Hello,

I have just tried with 7.1.6.2 (and tried 7.1.8 too) client, the user is Riport, with sesssec=trans.....
The error is the same!
dsmadmc working, I can connect, can make a query.... After the connection the sesssec did not changed, it is still Transitional...so its good.....
The script is the same with -testflag=noaes......

I have no clue...

Do you know any reporting solution what is downloadable and usable? ...and can work....

 

[marclant]

The script is the same with -testflag=noaes......

Do a search for all the files in the application directory to see where "noaes" is coded, then try to remove it if it's in a text file.

Do you know any reporting solution what is downloadable and usable?

As in free, no. I heard of people using Servergraph.

I know the OC doesn't create the reports you want, but you can create custom reports with SQL. There's tons of SQL here: https://github.com/thobiast/tsm_sql

 

[okriss]

Do a search for all the files in the application directory to see where "noaes" is coded, then try to remove it if it's in a text file.


As in free, no. I heard of people using Servergraph.

I know the OC doesn't create the reports you want, but you can create custom reports with SQL. There's tons of SQL here: https://github.com/thobiast/tsm_sql

Hello,

Thanks! That was the first what I tried. This is the same what is on the thobias.org...
I going to make a try, i hope these are newer.
Some of these scripts does not work on 8.1....

Our client is already used to that reports, what came from the 5.5 server reporting tool.
I should replicate that and create usable reports....about schedules (successfull, missed, failed...tapes)
I dont know why, but they need it....
I can query eveything what i want through dsmadmc......this is not my need!