Security settings for 8.1.2

uwekoch

Active Newcomer
Joined
Oct 6, 2017
Messages
6
Reaction score
1
Points
0
PREDATAR Control23

After installing server 8.1.2 and ba client 8.,1.2 to a new environment of 4 instances all instances worked fine.
After the configuration of server-to-server communication between those 4 instances, the dsmadmc clients can no linger connect to the servers with message "client is down-level with this server version". But the client is 8.1.2 as well as the server.
After removing and reregistering an admin, the session works fine until there is a server-server-session used. After that the client "is down-level" again. So it has to do with the security level of the admin's last connection.

Any suggestions how to configure server and client to have a stable admin session possible by local dsmadmc AND by command redirection from other instance ?
 
PREDATAR Control23

Have you deleted and redefined all server-to-server communications on all instances?

Are there NO instance that are lower than 8.1.2 that an 8.1.2 instance is attempting to connect to.

Remember that server-to-server communication is between TSM instances and as such ideally must be all on the same level. If the source instance is lower than the target instance, this would work but not vice-versa.
 
PREDATAR Control23

Yes, all definitions ar enew. There are 4 instances freshly installed on 2 hw servers. 2 instances on each hw. Only these 4 instances of 8.1.2 and the tsm clients 8.1.2 are installed in this new environment.
Currently inst0 and inst1 can communicate in both directions, inst2 and inst3 also communicate in both directions. (tested with ping server ...)
But inst2 can ping to inst0 and inst1 but not from inst0 to inst2 or inst3
and also inst 3 can ping inst0 and inst1 but not from inst0 or inst1 to inst3
All ssl keys have been added on all machines and all admins are registered newly with the same parameters.

But from inst1 to inst2 the ping answers:
Protect: SRVBCK01>ping server srvbck02
ANR1705W A ping request to server 'SRVBCK02' was not able to establish a connection by using administrator credentials.
ANS8001I Rückkehrcode 4.
 
PREDATAR Control23

Have you set the server password on all instances at the same one?

If you have not, delete all server-to-server settings, set the server password to the same on all, and redefine.
 
PREDATAR Control23

Have you deleted and redefined all server-to-server communications on all instances?

Are there NO instance that are lower than 8.1.2 that an 8.1.2 instance is attempting to connect to.

Remember that server-to-server communication is between TSM instances and as such ideally must be all on the same level. If the source instance is lower than the target instance, this would work but not vice-versa.


And an additional question :

Ususally all servers should have the same version for server-to-server-communication, thats clear.

But here the customer wants to export data from an old (outdated, unsupported) version 6.2.3.100 to one of the new instances with 8.1.2.
would this be possible by server-to-server-communication, or only be export/import tape or file ?

(Customer knows that 6.2.3.100 is unsupported, but the data on it are still needed and should be transferred to 8.1.2)
 
PREDATAR Control23

And an additional question :

Ususally all servers should have the same version for server-to-server-communication, thats clear.

But here the customer wants to export data from an old (outdated, unsupported) version 6.2.3.100 to one of the new instances with 8.1.2.
would this be possible by server-to-server-communication, or only be export/import tape or file ?

(Customer knows that 6.2.3.100 is unsupported, but the data on it are still needed and should be transferred to 8.1.2)

Yes - see my original reply.
 
PREDATAR Control23

Have you set the server password on all instances at the same one?

If you have not, delete all server-to-server settings, set the server password to the same on all, and redefine.
The server passwords are all the same, and also the the admin password.
It is not yet in production, so it's easier this way.
 
PREDATAR Control23

Yes - see my original reply.
I've seen it, but I explicitely wanted to know if an export from 6.2.3.100 to 8.1.2 will work.
6.2.3.100 is listed in no current compatibility matrix any more,s ince it is out of support.
But there was a large change between 6.2.3 and 6.3. as far as I remember. So maybe there could be an issue.
 
PREDATAR Control23

So reading this thread is a little concerning for me...

Having rigorously cross referenced this IBM article.. http://www-01.ibm.com/support/docview.wss?uid=swg21053218

Are we now saying that current 7.1.x (non 7.1.8) clients sitting on Windows 2008 Servers will not be able to connect to a new ISP 8.1.2 Server using it's current standard communication method that it's been using to talk to a 7.1.5 Server?
 
PREDATAR Control23

Are we now saying that current 7.1.x (non 7.1.8) clients sitting on Windows 2008 Servers will not be able to connect to a new ISP 8.1.2 Server using it's current standard communication method that it's been using to talk to a 7.1.5 Server?
No. Older clients will be able to connect to an 8.1.2 server.

https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.2/srv.admin/c_adm_sec_ovr.html
https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.2/client/c_sec_upg_serv_client_fast_path.html
 
Top