• Please help support our sponsors by considering their products and services.
    Our sponsors enable us to serve you with this high-speed Internet connection and fast webservers you are currently using at ADSM.ORG.
    They support this free flow of information and knowledge exchange service at no cost to you.

    Please welcome our latest sponsor Tectrade . We can show our appreciation by learning more about Tectrade Solutions
  • Community Tip: Please Give Thanks to Those Sharing Their Knowledge.

    If you receive helpful answer on this forum, please show thanks to the poster by clicking "LIKE" link for the answer that you found helpful.

  • Community Tip: Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING)

    Click the link above to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This notice will disappear after you have made at least 3 posts.

Using TSM Power Administration

okriss

ADSM.ORG Member
Joined
Nov 6, 2015
Messages
141
Reaction score
0
Points
0
Hello,

Have anybody ever used this app for reporting TSM server (schedules...etc)?
I am facing a problem and i cannot solve it...

We use the Free version just for reporting....
TSM: SP 8.1.11 on server 2016
report server: win10 (5.5 management console installed, which was used for reporting, the last tsm 7.1.6)

The PA cannot connect to a TSM server...
It runs a script, which would connect to the TSM server. BUT there is a parameter -testflag=noaes...
The tsm server has "Encryption Strength: AES" which forcing the AES encryption, but the app want to go without it.
The TSM server cert have been added to the client and I can connect with the dsadmc, I can make query...etc.

How can I solve it?
Can I change the "Encryption Strength: AES" to...NO...or something else?

Do you have any suggestion for reporting TSM 8.1.11?
What do you use?

Thank you for your help!

1614876799487.png
 

okriss

ADSM.ORG Member
Joined
Nov 6, 2015
Messages
141
Reaction score
0
Points
0
Hi,
replace dsmadmc.exe binary with the newest Version 8.1.11
Hello,

I have already installed the latest...I have upgraded first, but after uninstalled and cleaned everything from the programfiles and program data and made a clean install.
Nothing happened....same error....
 

marclant

ADSM.ORG Moderator
Joined
Jun 16, 2006
Messages
3,703
Reaction score
611
Points
0
Location
Canada
Website
www.ibm.com
If you have a current client installed now, you should not need -testflag=noaes. Also you can try update the sessionsecurity for that admin to transitional. Upon a successful login, it should change to strict.

And finally, test dsmadmc outside Power Administrator and make sure that it can work by itself first.
 

okriss

ADSM.ORG Member
Joined
Nov 6, 2015
Messages
141
Reaction score
0
Points
0
If you have a current client installed now, you should not need -testflag=noaes. Also you can try update the sessionsecurity for that admin to transitional. Upon a successful login, it should change to strict.

And finally, test dsmadmc outside Power Administrator and make sure that it can work by itself first.
Hello,

I have already tried it. I can connect with dsmadmc... After the connection, the sessionsec turn to strict.
But I cannot connect with the PA (even if the sessionsec=trasitional). The testflag=noaes a built-in script, I cannot change that...
I made a try and I can connect to the 7.1.3 server, but the 8.1.x forcing the ssl....
Any idea?

thank you!
 

marclant

ADSM.ORG Moderator
Joined
Jun 16, 2006
Messages
3,703
Reaction score
611
Points
0
Location
Canada
Website
www.ibm.com
Starting at 7.1.8 and 8.1.2, authentication is done via SSL only. And switching to strict is normal and expected after a successful connection from a 7.1.8+ or 8.1.2+ client.

If you use an older client, it may work, but you will need to switch that admin to transitional and not use it on another machine with a newer client. A dedicated admin ID might be a better choice. I see your using the default admin account, that would give any security experts nightmares.

is it possible PA uses its own version of dsmadmc which could be older?
 

marclant

ADSM.ORG Moderator
Joined
Jun 16, 2006
Messages
3,703
Reaction score
611
Points
0
Location
Canada
Website
www.ibm.com
Have you also tried to also invoke dsmadmc with the full PA command from your earlier screenshot? If not you should. If it works, then talk to PA support. If not, try without the testflag. If it works, talk to PA support.
If it doesn’t work either way, report back.
 

marclant

ADSM.ORG Moderator
Joined
Jun 16, 2006
Messages
3,703
Reaction score
611
Points
0
Location
Canada
Website
www.ibm.com
I tested for fun. You cannot use -testflag=noaes with a current server level. I get the same error as you if I do it manually with that testflag. So you will have to edit the scripts and remove that option.
 

okriss

ADSM.ORG Member
Joined
Nov 6, 2015
Messages
141
Reaction score
0
Points
0
I tested for fun. You cannot use -testflag=noaes with a current server level. I get the same error as you if I do it manually with that testflag. So you will have to edit the scripts and remove that option.
Hello,

Yeeeeees, clearing the testflag would solve my problem, but i cannot find the script.
If I run a test, it will create a folder with the TSM server ip and place here some file. One of them is a script...
I have modified that script (deleting the testflag), but if I run again the test, I will get the same error.
It will try again with the testflag.... So, not that script is being used what was modified by me.
Very strange! :confused:

Do you have any experience with any other reporting solution? The OC reporting is not enough...

Thank you!
 

okriss

ADSM.ORG Member
Joined
Nov 6, 2015
Messages
141
Reaction score
0
Points
0
Starting at 7.1.8 and 8.1.2, authentication is done via SSL only. And switching to strict is normal and expected after a successful connection from a 7.1.8+ or 8.1.2+ client.

If you use an older client, it may work, but you will need to switch that admin to transitional and not use it on another machine with a newer client. A dedicated admin ID might be a better choice. I see your using the default admin account, that would give any security experts nightmares.

is it possible PA uses its own version of dsmadmc which could be older?
Hello,

Yes, I have created a user for reporting. I tried with admin, because I had thought maybe the privileges cause the problem.

If I downgrade the client for 7.x.x client...and I set the sessionsec=transitional for report user.....the tsm server wont force the ssl?
I found this in the status: Encryption Strength: AES Can I change it? ....I think it would be a bad idea....
 

marclant

ADSM.ORG Moderator
Joined
Jun 16, 2006
Messages
3,703
Reaction score
611
Points
0
Location
Canada
Website
www.ibm.com
If I downgrade the client for 7.x.x client...and I set the sessionsec=transitional for report user.....the tsm server wont force the ssl?
It has to be lower than 7.1.8 or lower than 8.1.2, and no it won't force SSL because the client is not SSL aware at those levels. Given that 7.1 is going out of support this year, may as well go with a 8.1 level lower than 8.1.2.
I found this in the status: Encryption Strength: AES Can I change it? ....I think it would be a bad idea....
You cannot disable SSL encryption of the authentication, you can only go at a level below where it was introduced. You can alter the encryption type for file backups though.
 

okriss

ADSM.ORG Member
Joined
Nov 6, 2015
Messages
141
Reaction score
0
Points
0
It has to be lower than 7.1.8 or lower than 8.1.2, and no it won't force SSL because the client is not SSL aware at those levels. Given that 7.1 is going out of support this year, may as well go with a 8.1 level lower than 8.1.2.

You cannot disable SSL encryption of the authentication, you can only go at a level below where it was introduced. You can alter the encryption type for file backups though.
Ok!
Thank you! I will install the 7.1.8...and make a try! I hope it will work.
I ll be back!
 

okriss

ADSM.ORG Member
Joined
Nov 6, 2015
Messages
141
Reaction score
0
Points
0
No, lower.
Hello,

I have just tried with 7.1.6.2 (and tried 7.1.8 too) client, the user is Riport, with sesssec=trans.....
The error is the same! :p
dsmadmc working, I can connect, can make a query.... After the connection the sesssec did not changed, it is still Transitional...so its good.....
The script is the same with -testflag=noaes......

I have no clue...

Do you know any reporting solution what is downloadable and usable? :D ...and can work....
 

marclant

ADSM.ORG Moderator
Joined
Jun 16, 2006
Messages
3,703
Reaction score
611
Points
0
Location
Canada
Website
www.ibm.com
The script is the same with -testflag=noaes......
Do a search for all the files in the application directory to see where "noaes" is coded, then try to remove it if it's in a text file.

Do you know any reporting solution what is downloadable and usable?
As in free, no. I heard of people using Servergraph.

I know the OC doesn't create the reports you want, but you can create custom reports with SQL. There's tons of SQL here: https://github.com/thobiast/tsm_sql
 

okriss

ADSM.ORG Member
Joined
Nov 6, 2015
Messages
141
Reaction score
0
Points
0
Do a search for all the files in the application directory to see where "noaes" is coded, then try to remove it if it's in a text file.


As in free, no. I heard of people using Servergraph.

I know the OC doesn't create the reports you want, but you can create custom reports with SQL. There's tons of SQL here: https://github.com/thobiast/tsm_sql
Hello,

Thanks! That was the first what I tried. This is the same what is on the thobias.org... :)
I going to make a try, i hope these are newer.
Some of these scripts does not work on 8.1....

Our client is already used to that reports, what came from the 5.5 server reporting tool.
I should replicate that and create usable reports....about schedules (successfull, missed, failed...tapes)
I dont know why, but they need it....
I can query eveything what i want through dsmadmc......this is not my need! 🙂
 

Advertise at ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

UpCloud high performance VPS at $5/month

Get started with $25 in credits on Cloud Servers. You must use link below to receive the credit. Use the promo to get upto 5 month of FREE Linux VPS.

The Spectrum Protect TLA (Three-Letter Acronym): ISP or something else?

  • Every product needs a TLA, Let's call it ISP (IBM Spectrum Protect).

    Votes: 20 19.0%
  • Keep using TSM for Spectrum Protect.

    Votes: 63 60.0%
  • Let's be formal and just say Spectrum Protect

    Votes: 13 12.4%
  • Other (please comement)

    Votes: 9 8.6%

Forum statistics

Threads
31,828
Messages
135,735
Members
21,789
Latest member
Fred49
Top