Hello Sbehrens,

Have you configured any PatrolAgents to "phone home"? If not, the following knowledge article
may be of some use. If you have, the diagnostic methodology at the bottom may be of some use.
I apologize for the amount of information below but there's a lot that needs to be considered.

Knowledge article 20036838:

Overview of the new features available with 3.8.50 PatrolAgent (phone home feature)
and BPPM 8.5 Automated Work Flow.

PatrolAgent Phone Home (automatic registration with Integration Service) and
BMC PATROL Adapter Automatic WorkFlow

Some of the information below comes directly from the PatrolAgent Reference
Manual and ProactiveNet Administrator Guides. Some of the information is based
on observation.

Starting with BPPM 8.5, the PATROL Proxy is referred to as "Integration Service"

Configuring PATROL Agents with the Integration Service:

Automated workflow enables the PATROL Agent to automatically connect to the
Integration Service, register itself, and start sending performance data to the
Integration Service. The PATROL Agent is added to the default profile called
"_SA_DEFAULT_" in the Integration Service. The Integration Service uses the
Staging Adapter (a component of the Integration Service) to accept inbound
connections from the PATROL Agents. This default Staging Adapter profile is
created during the Integration Service startup (if not already available).
You cannot remove this profile. For added flexibility and scalability, the
Integration Service configures multiple Staging Adapter profiles and provides
the ability to run multiple Staging Adapter instances.

Importing monitor types and creating an adapter instance:

Automated workflow imports monitor types and creates an adapter instance
whenever a remote agent configured with the Integration Service is added to the
BMC ProactiveNet Server. Once the remote BMC ProactiveNet Agent is added to the
server, all the application classes that are loaded in the PATROL Agents are added to
the server. All instances pertaining to these application classes are made part of the
newly created adapter instance. This adapter instance polls for performance data
more frequently compared to the earlier instance.

Deleting the remote BMC ProactiveNet Agent also deletes the associated adapter
instance. This is true even for PATROL Agents earlier than version 3.8.50, once they
are configured manually with the Integration Service. However, all information
pertaining to application classes (such as KPI, graph by default, and so on) may not
be synchronized.

PatrolAgent Phone Home:

The PatrolAgent Phone Home feature is available with 3.8.50 PatrolAgent or higher.
This feature allows you to configure the PatrolAgent to "phone home" (this is like
registering) to 8.5 or higher PATROL Proxy in 8.5 or higher ProactiveNet.

To use this feature, create the following Agent Configuration Variable:


/AgentSetup/integration/integrationServices with value tcp:<hostname>:<port>

<port> is 3183 by default (the Staging Adapter listens on port 3183 by default
- note this is not the same as the PATROL Proxy, which runs on 3182 by default).

New Automated Work Flow:

The Automated Work Flow feature is available starting with 8.5.00 ProactiveNet.
In previous versions of ProactiveNet, the procedure to configure the PATROL
Adapter was somewhat involved. The Automated Work Flow changes the work flow
so that ALL PATROL appClasses are imported automatically and do not need to
be manually selected for import. Once a PatrolAgent is registered (i.e.
PatrolAgent has "phoned home"), ALL appClasses will be automatically imported
and data will begin to flow into ProactiveNet.

The automated workflow feature provides a seamless process for automatic
configuration of remote BMC PATROL agents and loaded Knowledge Modules
(KMs) into the BMC ProactiveNet. This reduces the manual efforts required to
integrate the performance and configuration data from PATROL Agents and KMs
into BMC ProactiveNet.

As a user, you only have to configure the PATROL Agent to connect to the
Integration Service. You do not have to re-import the monitor types whenever
there is a new application class or changes to existing parameters.

Note: The version of the PATROL Agent must be 3.8.50 and later.
Note: Only numeric parameter data is imported into ProactiveNet from PATROL.

Observations after fresh install of BPPM 8.5 and 3.8.50 PatrolAgent:

0. Bring up ProactiveNet Admin Console.

1. After a fresh installation of ProactiveNet, no adapters exist.
This can be seen by highlighting the "Adapters" menu and trying to
use MB3 (right-click).

2. Installing a remote ProactiveNet Agent with Integration Service
enabled (remember that the Phone Home feature in 3.8.50 does not
work with Integration Service on the local agent) creates a
PATROL Adapter using the IP Address of the remote Agent host as
its name. After connecting to the remote Agent, it may be
necessary to restart the Admin console in order to see this
Adapter instance.

This Adapter instance will have one Profile created automatically:
_SA_DEFAULT_. This is the default "staging adapter".

3. Initially (i.e. before any PatrolAgents are configured with Phone Home
variable, /AgentSetup/integration/integrationServices) there
will not be any Application Classes available for Auto-sync. This
can be seen by going to MB3=>Adapters=>Edit.

4. Starting with 8.5, when the PATROL Proxy is configured the staging
adapter (sadapter.exe) listens on port 3183 for PatrolAgents that
want to phone home.

5. During installation of 3.8.50 PatrolAgent, there is a dialog that allows
the user to enter integrationServices hostname and port (3183 NOT 3182).

The Agent Configuration Variable "/AgentSetup/integration/integrationServices"
will be created as an Agent configuration override (i.e. it's not placed in the
config.default file, so it will be applicable only to the PatrolAgent port
specified during the installation).

PATROL_CONFIG
"/AgentSetup/integration/integrationServices" = { REPLACE = "tcp:aus-ngp-vm176:3183" }

This can be configured post-install. Applying this ruleSet will take effect
immediately.

6. Once the PatrolAgent has been configured to "phone home", it will get added to the
_SA_DEFAULT_ profile in the Adapter and appClasses will get registered and data will
start flowing into ProactiveNet. You can see the appClasses that have been imported
by going to MB3=>Adapters=>

If the PatrolAgent is not available in the Integration Service, then we need
to check if the PatrolAgent is configured properly:

- Point to required integration service (tcp:<hostname>:<port>)

- Version of security libraries (ESS): it needs to be 3.0.14

- Security Policy (proxy.plc) in "/etc/patrol.d/security_policy_v3.0":
  - Check the contents of the [...] section in the proxy.plc. The proxy_lib
    configuration variable should have the correct full path to bmcesi.so.
  - In the contents of the [...] section, the security_level configuration
    variable should be set to 2.

- Check and obtain the PatrolAgent .errs file (for any security errors). Additional PatrolAgent debug
  log will also help in narrowing down the problem.

- In this current issue, since the Windows agent has already registered itself with the Integration
  Service, there shouldn't be any configuration issues with the Integration Service. However, if
  required, the Integration Service configuration with respect to security may need to be checked.

- Check the .errs log for the Staging adapter (for any security related errors).

C> If the PatrolAgent is available in the Integration Service, then we need to check if there are any data
collection issues. This can be checked using CLI commands (/PATROL/query/getAgentDetails).

D> If the data collection for the PatrolAgent is correct, then further investigation needs to be carried out from
the PATROL Adapter perspective.

Diagnostic Procedure (Admin console)

Enable debug on the BPPM Agent to check the output of the query fired on the proxy.
Go to Tools>Configure>Integration Service>Configure Integration Service.
Check PNNSInterface.log for following last entry of pw:

"/PATROL/query/getAgentDetails -agent ALL"

It will list the PATROL Agents retrieved from the proxy. For example:

CONTENT LENGTH = 592
STATUS = OK

AGENT_NAME=vm-w23-rds
IP_ADDRESS=
DEVICE_TOKEN_ID=
PORT=3182
STATUS=CONNECTED
PROFILE_NAME=__Default
PARENT_FQDN=
PROVIDER_AGENT=
DEVICE_TYPE=
LAST_COLLECTION_TIME=1290148052

AGENT_NAME=w23-pcore-m01:3181
IP_ADDRESS=
DEVICE_TOKEN_ID=
PORT=3181
STATUS=CONNECTED
PROFILE_NAME=w23-pcore-m01:3181
PARENT_FQDN=
PROVIDER_AGENT=
DEVICE_TYPE=
LAST_COLLECTION_TIME=1290148051

Using the above list, follow the AGENT_NAME having PROFILE_NAME=__Default. It corresponds to
the _SA_DEFAULT_ profile having type SA_ADAPTER.

Same list will get displayed on Admin console.

Example problem with suggested diagnostic methodology:

I'm having trouble getting the Phone Home feature to work for a Unix PatrolAgent:

I installed 8.5 ProactiveNet Server and a remote agent on a Windows system (same box).
I installed a 3.8.50 PatrolAgent on a Solaris 9 box (kimura.bmc.com). It's a fresh install.
Initially, I did not choose "overwrite previous security" but did another install and chose this option.
I've configured "/AgentSetup/integration/integrationServices" = { REPLACE = "tcp:aus-ngp-vm176.bmc.com:3183" }
but the Phone Home doesn't seem to work.

I've checked all of the points below. It seems to me that all that should be required is to do the install,
do the phone home configuration, and it should work without any other changes. Please take a look at the
attached logs and let me know what additional steps are needed to get this to work.

The following entry from agentdebug.txt (included in agentdebug.tar.gz) looks interesting:

From the PatrolAgent debug, I notice the following:

COMM |1290268913| Connection with Integration Service 'aus-ngp-vm176.bmc.com' '3183' is closed '-4'

The following entries in sadapter-_SA_DEFAULT_-aus-ngp-vm176.bmc.com.errs seem to correspond to
this:

Sat Nov 20 00:52:11 2010: ESS Error: Security policy is either missing or unreadable: SOFTWARE\BMC Software\Patrol\SecurityPolicy_v3.0\pns\common SOFTWARE\BMC Software\Patrol\SecurityPolicy_v3.0\pns\server SOFTWARE\BMC Software\Patrol\SecurityPolicy_v3.0\pns\common SOFTWARE\BMC Software\Patrol\SecurityPolicy_v3.0\pns\server >-4-4<
Mon Nov 22 17:12:00 2010: ID 10205a: I: Binding PatrolAgent to port 3181 ..."

These errors indicate a problem on the PatrolAgent side related to initialization of ESS:

Check the following:

1. Verify whether the /etc/patrol.d/security_policy_v3.0/proxy.plc file is missing.
2. If the file is missing then I would like to see the installation log for this agent.
3. If the file is present then I would like to see the contents of this file. This file represents
the security policy. It will have sections called [...] and [...] in which we need to specify the
valid security level and the valid location for the directory name.

The file will look like this:

[...]
bindir = /data/mneharka/9800_kit/common/security/bin_v3.0/linux-2-4-x86-nptl
bindir64 = /data/mneharka/9800_kit/common/security/bin_v3.0/linux-2-4-x86-nptl
securitydir= /data/mneharka/9800_kit/common/security/keys
logdir = /data/mneharka/9800_kit/common/security/log_v3.0
sksdir = /data/mneharka/9800_kit/common/security/sks
proxy_lib = /data/mneharka/9800_kit/common/security/bin_v3.0/linux-2-4-x86-nptl/libbmcesi.so

[...]
security_level = 2
loglevel = ERROR,WARNING
logfile = proxy_client.log

This problem on the PatrolAgent side could be that the security scripts didn't get executed during the
installation. If that is the case, you should be able to rectify the problem by running the following
command as root: ./agent_configure.sh -d

From the Patrol knowledge base:

A potential reason that /etc/patrol.d isn't getting updated by agent_configure.sh was that the
"Overwrite current security configuration (keys, certificates and trusted roots)" selection was
set to "No" during the installation.

Edit the ./Patrol3/agent_configure.sh script file and look for the following lines:

CUSTOMER_SECURITY_LEVEL=0
SECURITY_OVERWRITE=FALSE

If SECURITY_OVERWRITE is set to FALSE, make a backup copy of the original agent_configure.sh file,
change FALSE to TRUE, save the file, and execute it as ROOT: ./agent_configure.sh -d

If SECURITY_OVERWRITE=TRUE already, execute as ROOT the ./agent_configure.sh -d script.
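
The checks in the procedure above (proxy.plc present and readable, security_level set to 2, proxy_lib pointing at a real file, and the SECURITY_OVERWRITE setting in agent_configure.sh) can be scripted as read-only tests. This is an added example, not BMC's or the author's code; the function names are hypothetical, the default path is the one named above, and the key lookup ignores section headers because their names did not survive on this page.

```shell
# Added example: read-only checks, nothing is modified.
# Usage after sourcing: check_proxy_plc [path]; overwrite_flag ./Patrol3/agent_configure.sh

# plc_value FILE KEY -> prints the value of the first "KEY = value" line.
plc_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# check_proxy_plc [FILE] -> returns 0 if the policy passes, 1 otherwise.
check_proxy_plc() {
    plc=${1:-/etc/patrol.d/security_policy_v3.0/proxy.plc}
    rc=0
    if [ ! -r "$plc" ]; then
        echo "FAIL: $plc is missing or unreadable"
        return 1
    fi
    level=$(plc_value "$plc" security_level)
    lib=$(plc_value "$plc" proxy_lib)
    if [ "$level" != "2" ]; then
        echo "FAIL: security_level is '${level:-unset}', expected 2"
        rc=1
    fi
    if [ -z "$lib" ] || [ ! -f "$lib" ]; then
        echo "FAIL: proxy_lib '${lib:-unset}' is not an existing file"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $plc"
    return "$rc"
}

# overwrite_flag SCRIPT -> prints the SECURITY_OVERWRITE value, or UNKNOWN.
overwrite_flag() {
    v=$(sed -n 's/^[[:space:]]*SECURITY_OVERWRITE=//p' "$1" 2>/dev/null | head -n 1)
    echo "${v:-UNKNOWN}"
}
```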
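
For the getAgentDetails listing shown under "Diagnostic Procedure (Admin console)", the following added example (not part of the original message or of any BMC tool) parses the blank-line-separated records, keeps the agents in the __Default profile, and flags any that are not CONNECTED or whose LAST_COLLECTION_TIME is older than a threshold. The function names, the 600-second threshold used in the usage comment and the example-host-01 record are assumptions made for illustration.

```shell
# Added example. Sample input: two records from the listing on this page
# (empty fields trimmed) plus one constructed record, example-host-01.
sample_listing() {
cat <<'EOF'
CONTENT LENGTH = 592
STATUS = OK

AGENT_NAME=vm-w23-rds
IP_ADDRESS=
PORT=3182
STATUS=CONNECTED
PROFILE_NAME=__Default
LAST_COLLECTION_TIME=1290148052

AGENT_NAME=w23-pcore-m01:3181
PORT=3181
STATUS=CONNECTED
PROFILE_NAME=w23-pcore-m01:3181
LAST_COLLECTION_TIME=1290148051

AGENT_NAME=example-host-01
PORT=3181
STATUS=CONNECTED
PROFILE_NAME=__Default
LAST_COLLECTION_TIME=1290140000
EOF
}

# agent_report NOW MAX_AGE [PROFILE] < listing
# Prints "AGENT_NAME PORT STATUS AGE_SECONDS VERDICT" for each agent in PROFILE.
# Example: agent_report "$(date +%s)" 600 < listing.txt
agent_report() {
    awk -F= -v now="$1" -v max="$2" -v want="${3:-__Default}" '
        function emit(   age, verdict) {
            if (rec["AGENT_NAME"] != "" && rec["PROFILE_NAME"] == want) {
                age = now - rec["LAST_COLLECTION_TIME"]
                verdict = "ok"
                if (rec["STATUS"] != "CONNECTED") verdict = "not-connected"
                else if (age > max) verdict = "stale"
                print rec["AGENT_NAME"], rec["PORT"], rec["STATUS"], age, verdict
            }
            split("", rec)            # clear the record for the next agent
        }
        /^[ \t\r]*$/ { emit(); next } # a blank line ends a record
        /^[A-Z_]+=/  { rec[$1] = substr($0, length($1) + 2) }
        END          { emit() }
    '
}
```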




