Micro Focus Server Automation – Tips and Tricks

Table of Contents

Micro Focus Server Automation – Tips and Tricks – June 2021

1. Warning: /packages/any/nt/5.2/PsSasHost.exe could not be downloaded

I want to know about the warning “/packages/any/nt/5.2/PsSasHost.exe” they get while running an audit remediation and the remediation script is a custom PowerShell script. AS background, this happens in my 10.60 environment where I migrated all of our content and servers from 10.21. 

It’s very reproducible in both my production and development environment. The remediation appears to run successfully, but it’s a warning that causes the users to bother me. It does not happen for audit policies that use “bat” or “python” custom scripts, only when the remediation script is a power shell. And it happens with newly created content, not just migrated content. 

I know that Windows 5.2 is Windows 2003 which is not supported in 10.60, so I’m GUESSING that some software policy or SOMETHING has that in it and we need to remove it? 

Solution

When a powershell script is executed on the agent, the batchbot will query the spin for the Units “PsSasHost.exe” and “PsSasHost.exe.config”, which can generate some problem depends on the environment, which has been fixed in the mentioned QCCR. So you should get rid of the warning after the implementation of the hotfix.

2. Patch Q4025337 successfully installed several times, but showing as missing

The patch Q4025337 is successfully installed on 2 servers. But now the server is showing missing the details found from the job output and WUA logs. 

Solution

There was an issue with .net framework 4.0 installation which was fixed and patches were installed successfully. Now there will be no problem with the server.

3. Is there a way to export Audit results to PDF from OGFS?

Can I export an audit result to PDF from OGFS? Is there any way to do this? Can I do this via the twist from a slice instead of having to log into the GUI?

Solution

Unfortunately, you cannot export an audit result to PDF from OGFS. There is no API method summary, it is not supported or mentioned in the guides.

4. US ONLY HPSA question on Sending logs.

I have a user that wants to be able to send logs from HPSA to their own event system. What I need to know is if this is possible and if I should do a dedicated satellite server for them. 

Solution

The supported way to gather the information you need is to use the Twister API. It seems that all required information is available by API, you will use JobInfoVO.

You can refer to twister > docs > com > opsware > job > Job Info VO.html.

You would have to write your own program to poll for job history data via the JobService API.

Then you can package up the data and redistribute it however you want to.

5. Can thresholds be changed when the probe checks table_space?

run all probes.sh run flags sys aux as at 85% 500 OPWS check database tables.sh

The run issue was due to an Oracle bug that has not been resolved but tablespace size will remain constant at 85%.

Is there any way to increase the threshold to 86%?

Solution

The threshold can be changed via the “spin.selfcheck.used_tablespace_threshold” system configuration parameter under the “Data Access Engine (spin)” section on the Java Client.

The change is centralized as a global sys configuration parameter, so you only need to change once, however, the change requires a restart to all spins in the mesh to take effect.

The configuration is loaded into memory by the spin on startup, and this particular parameter doesn’t have a dynamic refresh.

6. SA agent gives error for all scripts

I have an agent in SA and this agent gives errors for all scripts which have run whenever. How can I solve this problem?

Fri Apr 24 14:57:12 2020 , pid=7176 , cmdid=7965750002 , Job constructor succeeded

Fri Apr 24 14:57:12 2020 , pid=7176 , Job started in new thread

Fri Apr 24 14:57:12 2020 , pid=7176 , running “c:\windows\temp\temp7965750002.bat”  > “C:\Program Files\Common Files\Opsware\agent\batch.7965750002.stdout” 2> “C:\Program Files\Common Files\Opsware\agent\batch.7965750002.stderr” as “LocalSystem”

Fri Apr 24 14:57:12 2020 , pid=7176 , cmdid=7965750002 , traceback = Traceback (most recent call last):

  File “.\batchbot.py”, line 1109, in _run_job

  File “.\nt\nt_run_job.py”, line 85, in run_nt_job

  File “.\lcos.py”, line 634, in __init__

error: (203, ‘CreateProcess’, ‘The system could not find the environment option that was entered.’)

Fri Apr 24 14:57:12 2020 , pid=7176 , codefile:c:\windows\temp\temp7965750002.bat

Fri Apr 24 14:57:13 2020 , pid=7176 , cmdid=7965750002 , Success in batchbot.report (way job), job done

Solution

The problem is because the environment variable “COMSPEC” is not set in the agent process. It might be missing system wide.

Below is a small scale reproduction where we manually removed the COMSPEC environment variable within a cmd.exe shell, and we were able to exactly reproduce the root error:

—-

C:\Windows\system32>echo %COMSPEC%

C:\Windows\system32\cmd.exe

C:\Windows\system32>”%PROGRAMFILES%\Opsware\agent\lcpython15\python.exe” -c “from coglib import lcos;o,i,e=lcos.popen3(‘dir \\’);print o.read()”

Volume in drive C has no label.

Volume Serial Number is B275-61FA

Directory of C:\

08/22/2013 08:52 AM

PerfLogs

01/24/2020 02:25 PM

Program Files

08/22/2013 08:39 AM

Program Files (x86)

10/11/2016 04:09 PM

Users

01/24/2020 04:24 PM

Windows

0 File(s) 0 bytes

5 Dir(s) 32,823,705,600 bytes free

C:\Windows\system32>set COMSPEC=

C:\Windows\system32>”%PROGRAMFILES%\Opsware\agent\lcpython15\python.exe” -c “from coglib import lcos;o,i,e=lcos.popen3(‘dir \\’);print o.read()”

Traceback (most recent call last):

File “”, line 1, in

File “.\lcos.py”, line 924, in popen3

File “.\lcos.py”, line 634, in __init__

pywintypes.error: (203, ‘CreateProcess’, ‘The system could not find the environment option that was entered.’)

—-

The fix is to add the variable or fix its value. One way to get to it is to right-click on the “my computer” or “this PC” in the windows explorer, then go to the “system properties” dialog, then the “Advanced” tab, and then click the [Environment Variables] button. 

7. Errors on the OBR Dashboard, following stream is in error; software compliance.

This needs to be sent to the SA CPE team. Seeing the following error on the DashBoard;[email protected]_software_compliance_daily_f SA_SOFTWARE_Compliance_Daily_Rollup PID:3671 DBD::ODBC::st execute failed: [unixODBC]ERROR 3149: Duplicate primary/unique key detected in join [(OBR.sa_software_policy_servers_d x OBR.sa_software_policy_ld) using sa_software_policy_servers_d_node0001 and sa_software_policy_ld_Unsegmented_A ‎Oct‎ ‎4‎, ‎2019‎ ‎03‎:‎19‎:‎25‎ ‎PM This need to be sent to SA CPE team.

Solution

There were duplicate records present in that table for older dataminer configured which they are not using. Once the duplicate records from the old datasoureId was removed, the stream was running without error.

8. Install SA Agent jobs only stop at “Agent Binary Staged”

While installing an agent from NGUI ADT, the job hangs on “Agent Binary Staged” until timeout.

To take some more information use winagents deploy utility as fallow, suggest to start from core server:

/opt/opsware/adt/bin/winagentdeploy -u Administrator -a install –hostname=10.11.17.113 -d /opt/opsware/adt/de0.11.17.70 -i “–withmsi –loglevel trace –opsw_gw_addr 10.11.17.70:3001”

Change 10.11.17.113 to the IP of your windows server

Change 10.11.17.70 to the IP of your core/satellite server

This will fail again but with error “Could not connect to target machines IPC$ share”,

Solution

This is related to a protocol SA agent is using which is disabled on some of the Windows servers by default.

In order to enable it, do the following:

Navigate to the following patch in registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\DependOnService

Original Value: SamSS Srv2

1. Change to: SamSS Srv

2. Open the Windows Services à Find “Server” à Restart the process.

In addition please also check ports 135 and 445 they are required to be opened.

9. HPSA 10.60 Production – Security findings to remediate.

HPSA 10.60 Production = Our Security Team has issued these findings.

#1SMB Signing not required – Enforce message signing in the host’s configuration. How can we correct this finding?

#2Plugin Output: The following shares can be accessed using a NULL session: – OSMEDIA – (readable) + Content of this share. Let me know how we can remediate these findings.

Solution

“CVE-1999-0519:

Samba is used for provisioning Windows machines. The osmedia share needs to be accessible without a password. If the User is concerned about this, he can stop the smb component with “/etc/init.d/opsware-sas stop smb” and disable it from starting at boot by commenting out the following lines in /opt/opsware/oi_util/startup/components.config:

smb $STARTUP/smb $VERIFY_PRE \ $VERIFY_POST $VERIFY_FUNCTIONALITY

When you need to provision Windows machines you can enable the smb component again by uncommenting the lines in /opt/opsware/oi_util/startup/components.config and then start the smb component by running “/etc/init.d/opsware-sas start smb”. “Having the smb component commented out in /opt/opsware/oi_util/startup/components.config makes it impossible to start it via “/etc/init.d/opsware-sas start smb”, so first you need to make sure that the component is not commented out.”