Backing up & restoring Policy Manager Console data

Policy Manager Server can be maintained by routinely backing up the console data on the server in case it
needs to be restored.

It is highly recommended that you back up the most important management information regularly. At a
minimum, back up the entire fsa\domains directory of the communication directory. The communication
directory is normally located under the Policy Manager Server installation directory under commdir\. This
directory contains both the policy domain structure and all saved policy data.

Note: Before backing up the fsa\domains directory, make sure that no Policy Manager Console
sessions are open.

It is also possible to back up the entire repository. By doing so, you will be able to restore not only the policy
domain structure, but also the alerts, host statistics, and installation operations. You will also be able to quickly
restore policy files. When you only back up the fsa\domains directory, you must distribute the policies
afterwards. The disadvantage of backing up the entire repository is that there can be substantially more data
than in the fsa\domains directory. Another disadvantage is that Policy Manager Server must be stopped
before doing the full backup.

To back up the management key-pair, copy the admin.prv file and the admin.pub file from the root of the
local Policy Manager Console installation directory. Keep the admin.prv file stored in a secure place. It is
very important to save a backup copy of the admin.prv key file.

Note: If you lose a management key (either admin.pub or admin.prv), you will have to create a new
key pair and distribute the respective admin.pub key to all the managed hosts by reinstalling each host
manually, since policy based operations cannot be used any more. Trust between Policy Manager Console
and managed hosts is based on a digital signature. Without the correct private key, it is not possible to
create a valid signature that hosts would accept.

If you want to save the Policy Manager Console preferences, back up the lib\Administrator.properties
file from the local installation directory.

Note: The Administrator.properties file is created during the first run of Policy Manager Console
and contains session related information such as window size or the server URL.
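
One way to script the minimum backup described above, as an added example that is not part of the F-Secure guide: it copies fsa\domains, the management key pair and Administrator.properties, verifies every copy by SHA-256, and restricts access to the admin.prv copy. The three path parameters, the backup folder name and the manifest file name are assumptions, and all Policy Manager Console sessions must already be closed before it is run.

```powershell
# Added example, not F-Secure tooling. Close all Policy Manager Console
# sessions first; this script cannot detect open sessions.
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $CommDir,     # assumption: path of the communication directory (commdir\)
    [Parameter(Mandatory)] [string] $ConsoleDir,  # assumption: local Policy Manager Console installation directory
    [Parameter(Mandatory)] [string] $BackupRoot   # assumption: access-controlled backup location
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# What the page says to back up, relative to the directory each item lives under.
$items = @(
    @{ Base = $CommDir;    Rel = 'fsa\domains' },                  # policy domain structure and saved policy data
    @{ Base = $ConsoleDir; Rel = 'admin.prv' },                    # private management key
    @{ Base = $ConsoleDir; Rel = 'admin.pub' },                    # public management key
    @{ Base = $ConsoleDir; Rel = 'lib\Administrator.properties' }  # console preferences
)

# Fail before copying anything if a source is missing, so a partial
# backup is never mistaken for a complete one.
foreach ($i in $items) {
    $src = Join-Path $i.Base $i.Rel
    if (-not (Test-Path -LiteralPath $src)) { throw "Missing backup source: $src" }
}

# Folder name format is an assumption made for this example.
$dest = Join-Path $BackupRoot ('pm-console-backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $dest | Out-Null

# Copy each item, then hash source and copy and compare them.
$manifest = foreach ($i in $items) {
    $src    = Join-Path $i.Base $i.Rel
    $target = Join-Path $dest   $i.Rel
    New-Item -ItemType Directory -Path (Split-Path -Parent $target) -Force | Out-Null
    Copy-Item -LiteralPath $src -Destination $target -Recurse -Force

    $base  = (Get-Item -LiteralPath $i.Base).FullName.TrimEnd('\')
    $files = if (Test-Path -LiteralPath $src -PathType Container) {
        Get-ChildItem -LiteralPath $src -Recurse -File -Force
    } else {
        Get-Item -LiteralPath $src -Force
    }
    foreach ($f in $files) {
        $rel  = $f.FullName.Substring($base.Length + 1)
        $copy = Join-Path $dest $rel
        if (-not (Test-Path -LiteralPath $copy)) { throw "Not copied: $rel" }
        $h1 = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        $h2 = (Get-FileHash -LiteralPath $copy       -Algorithm SHA256).Hash
        if ($h1 -ne $h2) { throw "Hash mismatch after copy: $rel" }
        [pscustomobject]@{ Path = $rel; SHA256 = $h1 }
    }
}

# Manifest file name is an assumption made for this example.
$manifest | Export-Csv -LiteralPath (Join-Path $dest 'manifest-sha256.csv') -NoTypeInformation

# "Keep the admin.prv file stored in a secure place": drop inherited ACEs on
# the copy and leave read access for the account running the backup only.
$prv = Join-Path $dest 'admin.prv'
& icacls.exe $prv /inheritance:r /grant:r "$($env:USERDOMAIN)\$($env:USERNAME):(R)" | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Could not restrict the ACL on $prv; secure the backup media another way."
}

Write-Output "Backup written and verified: $dest"
```

Because only fsa\domains is copied from the repository, policies must be distributed again after a restore, as the page states. Re-hash the backup against the manifest before restoring from it.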

62 | F-Secure Policy Manager | Maintaining Policy Manager Server

Summary of Contents for POLICY MANAGER 9.0

Page 1: ...F Secure Policy Manager Administrator s Guide ...

Page 3: ...Complete installation of the product 20 Check that the installation was successful 21 Changing the communication directory path 22 Installing Policy Manager Console 23 Download and run the installation package 23 Select components to install 23 Complete installation of the product 23 Run Policy Manager Console 24 Changing the web browser path 26 Uninstalling the product 27 Chapter 3 Using Policy M...

Page 4: ... 56 Bottom pane 56 Viewing and exporting a report 56 Preferences 58 Connection specific preferences 58 Shared preferences 59 Chapter 4 Maintaining Policy Manager Server 61 Backing up restoring Policy Manager Console data 62 Creating the backup 63 Restoring the backup 64 Replicating software using image files 65 Chapter 5 Updating virus definition databases 67 Automatic updates with Automatic Updat...

Page 5: ... troubleshooting 79 Error messages 79 Troubleshooting 79 Resetting the Web Reporting database 79 Changing the Web Reporting port 79 Chapter 7 Policy Manager Proxy 81 Overview 82 Chapter 8 Troubleshooting 83 Policy Manager Server and Policy Manager Console 84 Policy Manager Web Reporting 88 Policy distribution 89 Chapter 9 Ilaunchr error codes 91 Error codes 92 Chapter 10 FSII remote installation e...

Page 6: ...6 F Secure Policy Manager TOC ...

Page 7: ...ensure compliance with corporate policies and centralized control Product registration Policy based management When the system has been set up you can see status information from the entire managed domain in one single location In this way it is very easy to make sure that the entire domain is protected and to modify the protection settings when necessary You can also restrict the users from makin...

Page 8: ...prise or Web Server editions P4 2 GHz processor or faster Processor Managing more than 5000 hosts or using Web Reporting requires P4 3 GHz level processor or faster 512 MB RAM 1 GB RAM recommended Memory Managing more than 5000 hosts or using Web Reporting requires 1 GB RAM 5 GB of free hard disk space 8 GB or more is recommended The disk space requirements depend on the size of the installation D...

Page 9: ... Web Server editions Windows Server 2008 SP1 64 bit Standard Enterprise Web Server Small Business Server or Essential Business Server editions Windows Server 2008 R2 Standard Enterprise or Web Server editions P4 2 GHz processor or faster Processor Managing more than 5000 hosts requires P4 3 GHz processor or faster 512 MB of RAM Memory Managing more than 5000 hosts requires 1 GB of memory 200 MB of...

Page 10: ...r Server and the managed hosts is accomplished through the standard HTTP protocol which ensures trouble free performance on both LAN and WAN Management Agent enforces the security policies set by the administrator on the managed hosts and provides the end user with a user interface and other services It handles all Management Agent management functions on the local workstations and provides a comm...

Page 11: ...ort pre configured installation packages which can also be delivered using third party software such as SMS and similar tools Configuration and policy management Centralized configuration of security policies The policies are distributed from Policy Manager Server by the administrator to the user s workstation Integrity of the policies is ensured through the use of digital signatures Event managem...

Page 12: ...umber from your license certificate during the installation of Policy Manager What information is sent We collect information that cannot be linked to the end user or the use of the computer The collected information includes F Secure product versions operating system versions the number of managed hosts and the number of disconnected hosts The information is transferred in a secure and encrypted ...

Page 13: ...estrictions for all the variables for all F Secure products on a specific host with domain level policies a group of hosts Base policy files may share the same file A base policy file is signed by Policy Manager Console protecting the file against changes while it is passing through the network and while it is stored in the host s file system These files are sent from Policy Manager Console to Pol...

Page 14: ... concept MIBs may also contain variables which the product stores for its internal use between sessions This way the product does not need to rely on external services such as Windows registry files Private Traps are the messages including alerts and events that are sent to the local console log file remote administration process etc The following types of traps are sent by most F Secure products ...

Page 15: ...Policy Manager Server and Policy Manager Console Topics Security issues Installing Policy Manager in high security environments Installation order Installing Policy Manager Server Changing the communication directory path Installing Policy Manager Console Changing the web browser path Uninstalling the product ...

Page 16: ... Apache web server can be found at the CERT web site http www cert org A document containing advice on how to secure an installation of the Apache web server is available at http www apache org docs misc security_tips html and a list of vulnerabilities at http www apacheweek com features security 13 You will find a list of Jetty security reports at http docs codehaus org display JETTY Jetty Securi...

Page 17: ...ay To enable easy migration to new management keys it is possible to re sign the policy domain structure and policy data with a newly generated or previously existing key pair If this is done accidentally or intentionally by an unauthorized user the authorized user will notice the change when he tries to log in to Policy Manager the next time In the worst case the authorized user needs to recover ...

Page 18: ...nager please follow this installation order unless you are installing Policy Manager Server and Policy Manager Console on the same machine in which case setup installs all components during the same installation process 1 Policy Manager Server 2 Policy Manager Console 3 managed point applications 18 F Secure Policy Manager Installing the product ...

Page 19: ...ager is to download and run the installation package To begin installing the product 1 Download the installation package from www f secure com webclub You will find the file in the Download section of the Policy Manager page 2 Double click the executable file to begin installation Setup begins 3 Select the installation language from the drop down menu and click Next to continue 4 Read the license ...

Page 20: ... select Change settings This option overwrites the edited configuration and restores the default settings 7 Click Next to continue 8 Select the Policy Manager Server modules to enable The Host module is used for communication with the hosts The default port is 80 The Administration module is used for communication with Policy Manager Console The default HTTP port is 8080 Note If you want to change...

Page 21: ...s installed 2 Enter http localhost 8080 as the address if you used the default admin port number during the installation and press Enter If the server installation was successful a welcome page will be displayed Note Policy Manager Server starts serving hosts only after Policy Manager Console has initialized the Communication directory structure which happens automatically when you run Policy Mana...

Page 22: ...m the old commdir path to the new path 5 Change the value for the CommDir and CommDir2 directives in httpd conf in the Policy Manager Server installation directory conf directory The default configuration contains the following configuration CommDir C Program Files F Secure Management Server 5 CommDir CommDir2 C Program Files F Secure Management Server 5 CommDir If you want to change the communica...

Page 23: ...lick the executable file to begin installation Setup begins 3 Select the installation language from the drop down menu and click Next to continue 4 Read the license agreement information then select I accept this agreement and click Next to continue Select components to install The next stage is to select the product components to install To continue installing the product 1 Select the components ...

Page 24: ...he path of the mouse movement ensures that the seed number for the key pair generation algorithm has enough random variation When the progress indicator has reached 100 the Passphrase dialog box will open automatically 9 Enter a passphrase which will secure your private management key 10 Re enter your passphrase in the Confirm passphrase field and click Next 11 Click Finish to complete the setup p...

Page 25: ...you can put the admin pub file in a directory that can be accessed by all hosts that will be installed with remotely managed F Secure products F Secure Policy Manager Installing the product 25 ...

Page 26: ...e acquires the file path to the default web browser during setup If you want to change the web browser path 1 Select Tools Preferences from the menu 2 Select the Locations tab and enter the new file path 26 F Secure Policy Manager Installing the product ...

Page 27: ...dialog box appears 4 Click Start to begin uninstallation 5 When the uninstallation is complete click Close 6 Repeat the above steps if you want to uninstall other Policy Manager components 7 When you have uninstalled the components exit Add Remove Programs 8 It is recommended that you reboot your computer after the uninstallation Rebooting is necessary to clean up the files remaining on your compu...

Page 29: ...ed F Secure security products designed to provide a Topics Overview common platform for all of the security management functions required in a corporate network Basic information and tasks Managing domains and hosts Software distribution Managing policies Managing operations and tasks Alerts Reporting tool Preferences ...

Page 30: ...rmats Policy Manager Console generates the policy definition and displays status and alerts Each managed host has a module Management Agent enforcing the policy on the host Policy Manager Console recognizes two types of users administrators and read only mode users The administrator has access to the administration private key This private key is stored as a file which may be shared among users wi...

Page 31: ...tings Connection properties The connection properties are defined when adding a new connection or editing an existing one The link to the data repository is defined as the HTTP URL of Policy Manager Server The Name field specifies what the connection will be called in the Connection field in the Login dialog If the Name field is left empty the URL or the directory path is displayed The Public key ...

Page 32: ...e you can complete most tasks for managing Client Security or Anti virus for Workstations You should be able to complete most tasks with the Anti virus mode user interface However particularly if you need to administer products other than Client Security you will need to use the Advanced mode user interface Advanced mode user interface To use all the functionality available in Policy Manager Conso...

Page 33: ...nly available when the Policy tab is selected You can click either the field label or the value editor field to activate the corresponding help text Editing policy settings You can edit common policy settings in the main application area Select a product e g Management Agent and the Policy tab Policy Manager Console will render a product view for your selected product containing the most commonly ...

Page 34: ...elp texts can be displayed by clicking a field or its label For the policy domains the Status tab will show the domain level status overview number of hosts in the domain and list of disconnected hosts 3 Click any disconnected host to quickly change the policy domain selection into that host This way it is possible to investigate if the disconnected host managed to send some alerts or useful stati...

Page 35: ...ile and to switch logging on and off The functionality of the Messages view is not affected when you switch message saving on and off The toolbar The toolbar contains buttons for the most common Policy Manager Console tasks Saves the policy data Distributes the policy Go to the previous domain or host in the domain tree selection history Go to the next domain or host in the domain tree selection h...

Page 36: ...ructure Autodiscover Windows hosts Installs software remotely and imports the hosts specified by IP address or WINS name Push install to Windows hosts Search for a string in the host properties All hosts in the selected domain are searched Find Displays the Properties page of the selected host or policy domain Domain host properties Toggles between the embedded restriction editor and the restricti...

Page 37: ...rase protecting the Policy Manager Console private key Change passphrase Lets you select the reporting methods and the domains hosts and products included in the reports Reporting Sets the local properties for Policy Manager Console These properties only affect the local installation of Policy Manager Console Preferences Displays the Help index Contents Help Opens a dialog to allow you to register...

Page 38: ...ain of the selected parent domain 2 Enter a name for the policy domain An icon for the domain will be created Adding hosts This section describes different ways of adding hosts to a policy domain The main methods of adding hosts to your policy domain depending on your operating system are as follows Import hosts directly from your Windows domain Import hosts through autoregistration requires that ...

Page 39: ...e the import rules for the autoregistered hosts on the Import rules tab in the Import autoregistered hosts window You can use the following as import criteria in the rules WINS name DNS name Dynamic DNS name custom properties These support asterisk as a wildcard The character can replace any number of characters For example host_test or example com Matching is not case sensitive so upper case and ...

Page 40: ...e number of successfully imported hosts and the number of unsuccessful import operations Note that an empty set of conditions is treated as always matching Creating hosts manually This topic describes how to create hosts manually To create a host manually 1 Select the target domain 2 Select Edit New host from the menu Alternatively Click in the toolbar Press Insert This operation is useful in the ...

Page 41: ...Edit menu or by clicking in the toolbar The network name for the host is the name that the host uses internally in the network to access policies Every host has a UID This is a unique identifier a string of characters and numbers that is used to uniquely identify every host in the system On the Platform tab you can add the operating system of the host to the properties Platform name is the name of...

Page 42: ...tion and updates with pre configured packages about the settings used for the installation The end user s computer can be set up silently since the pre configured package contains all of the settings that are normally requested from the user Policy Manager can update the latest anti virus databases by downloading them automatically from the F Secure Automatic Update site Managed hosts will F Secur...

Page 43: ...s the checkmark from the selected host s same as pressing the space bar Check all checkmarks all hosts in the selected Windows domain Uncheck all removes the checkmark from all hosts in the selected Windows domain 5 Click Install to continue After you have selected your target hosts you still need to push install the applications to hosts Push install to Windows hosts You can also select target ho...

Page 44: ...e installation wizard will guide you through a series of dialog boxes in which you must answer some questions for the installation to take place In the final dialog box click Finish and go to the next step Policy Manager installs Management Agent and the selected products on the hosts During this process the Status line will display the procedure in process You can click Cancel at any time to stop...

Page 45: ...be displayed For hosts this is always a single version number Version numbers of the available installation packages for the product Version to install The current version being installed on a host or domain Version being installed Progress of the installation task The Progress field displays information that is different for hosts and for domains Progress If a host is selected the Progress field ...

Page 46: ...ains and hosts option in the confirmation dialog The Stop all button is enabled only if the current host or domain has an installation operation defined Any subdomain operations do not affect the button state Stop all only removes the operation from the policy If a host has already polled the previous policy file it may try to carry out the installation operation even though it is no longer visibl...

Page 47: ... specific properties will appear together with the standard host identification properties in the Autoregistration view The custom property name will be the column name and the value will be presented as a cell value One example of how to utilize custom properties is to create a separate installation package for different organizational units which should be grouped under unit specific policy doma...

Page 48: ... Server The installation packages are JAR archives that can be viewed in WinZip for example but other files types such as the policy files and INI files are used for triggering the actual installation process Before Policy Manager Console can start any installation the initial installation package must be transferred to Policy Manager Server The installation packages are available from two sources...

Page 49: ...mmed red inherited invalid values Restrictions Using value restrictions an administrator can restrict the values of any policy variable to a list of acceptable values from which the user can choose There are two types of restriction access restrictions and value restrictions Access restrictions are Final and Hidden Final always forces the policy the policy variable overrides any local host value a...

Page 50: ...ger Console saves the current policy data and then generates the base policy Policy files are copied to the Communication directory where the F Secure software on the hosts will check for it periodically Note No changes will take effect before you have distributed the policy and the host has fetched the policy file This also applies to operations because they are implemented using the policy based...

Page 51: ... same index values as the cleared row does not exist the emptied row will remain empty after the Clear row operation Note The row can be inherited from a parent domain or from a MIB a definition of the settings and containing the default values for all settings as a default row The MIB can be considered a domain above the root domain in relation to leaf value or row inheritance MIB defaults are in...

Page 52: ...elect one of the actions from the selected product s Operations branch on the Policy tab 2 Click Start to start the selected operation 3 The operation begins on the host as soon as you have distributed the new policy and the host has fetched the policy file You may click Cancel at any time to undo the operation 52 F Secure Policy Manager Using Policy Manager Console ...

Page 53: ...en an alert is selected from the list more specific information about the alert will be displayed F Secure anti virus scanning alerts may have an attached report which will also be displayed 2 To view reports click on the Reports tab or select Product view Messages from the menu The Reports tab has the same structure as the Alerts tab Alerts tables and Reports tables can be sorted by clicking on t...

Page 54: ...u have a large domain structure specifying strict alert forwarding rules at the root domain level could flood Policy Manager Console with too many alerts 3 Configure the alert target further if necessary by setting the policy variables under target specific branches For example Settings Alerting F Secure Policy Manager Console Retry send interval specifies how often a host will attempt to send ale...

Page 55: ...le Description Report type Export view reports containing values of all policy variables of the selected products from the selected Policy domains You can also select the Inheritance check box if you want inheritance information to be included in the report Export view reports containing values of all policy variables of the selected products from the selected Inheritance domains that are not inhe...

Page 56: ...olling properties Alert report type dependent configurations allows you to sort alerts by the alert description fields and select the severities of alerts to be included in the report Bottom pane After a report is configured you can select an action to take in the bottom pane of the Reporting tool In the bottom pane you can Reset the defaults to all user interface components Launch the report expo...

Page 57: ...erate the report and view it in HTML format with your default web browser If no default web browser has been defined a dialog box appears prompting you to define your web browser Click Export in the bottom pane to generate the report and save it as a file The file path and report format are defined in the File save dialog box that appears after clicking Export F Secure Policy Manager Using Policy ...

Page 58: ...5 all hosts that haven t contacted the server within 12 hours are considered disconnected Values less than one day are normally useful only for troubleshooting purposes because in a typical environment some hosts are naturally disconnected from the server every now and then For example laptop computers may not be able to access the server daily but in most cases this is perfectly acceptable behavi...

Page 59: ...on and comments could be disabled in normal production use The serial file of generated base policy files The serial number increments automatically Normally there is no need to adjust it Policy file serial number manually You only need to increase the value if hosts are not accepting policy files because of serial numbers that are too low the hosts report this as errors In this case the serial nu...

Page 60: ...ed hosts Caution Do not deactivate MIBs unless you have been instructed to do so by F Secure Deactivating MIBs for products that are actually installed in some managed hosts will result in system malfunction You may clear all cached information concerning browsed hosts and installed software to free up disk space Clear cache Push installation The full path to the HTML browser s executable file The...

Page 61: ... Server Here you will find details on how to backup and restore console data in Policy Manager Server Topics Backing up restoring Policy Manager Console data Creating the backup Restoring the backup Replicating software using image files ...

Page 62: ...ere can be substantially more data than in the fsa domains directory Another disadvantage is that Policy Manager Server must be stopped before doing the full backup To back up the management key pair copy the admin prv file and the admin pub file from the root of the local Policy Manager Console installation directory Keep the admin prv file stored in a secure place It is very important to save a ...

Page 63: ...y d Back up the F Secure installation folder Management Server 5 data db directory e Back up the admin prv and admin pub files from the root of the local Policy Manager Console installation directory f Back up the lib Administrator properties file from the local Policy Manager Console installation directory g Restart the Policy Manager Server service h Reopen the Policy Manager Console management ...

Page 64: ...icy Manager Console installation directory f Copy the admin prv key to the root of the Policy Manager Console installation directory g Copy the console preferences Administrator properties to the console installation directory lib directory h Restart the Policy Manager Server service i Reopen the Policy Manager Console management sessions j Distribute policies 2 If you backed up only the policy do...

Page 65: ...rrect Policy Manager Server Note Do not import the host to Policy Manager Console if the host has sent an autoregistration request to Policy Manager Server Only hosts to where the image file will be installed should be imported 3 Run the fsmautil resetuid command from the command prompt This utility is typically located in the C Program Files F Secure Common directory the directory may be differen...

Page 67: ...ust be kept up to date to ensure proper protection against the latest threats Topics Automatic updates with Automatic Update Agent Using Automatic Update Agent Forcing Automatic Update Agent to check for new updates immediately Updating the databases manually Troubleshooting ...

Page 68: ...not be adjusted from the client side In Policy Manager 6 0 and onwards the Automatic Update Agent installed with F Secure products tries to download the automatic updates from the configured update sources in the following order 1 If there are Policy Manager proxies in use in the company network the client tries to connect to Policy Manager Server through each Policy Manager proxy in turn 2 If the...

Page 69: ...was downloaded and continues to download the rest of the file next time you connect Automated updates You don t have to look for the updates and manually download them With Automatic Update Agent you will automatically get the virus definition updates when they have been published by F Secure F Secure Policy Manager Updating virus definition databases 69 ...

Page 70: ...xies http proxy1 8080 http backup_proxy 8880 http domain username usernamespassword ntlmproxy domain com 80 3 Specify the polling interval The poll_interval directive specifies how often Automatic Update Agent checks for new updates The default is 1800 seconds which is half an hour poll_interval 1800 Note If the minimum polling interval defined on the F Secure update server is for example 2 hours ...

Page 71: ...ates are available The connection was successful and some files were downloaded Downloaded F Secure Anti Virus Update 2006 10 26_04 DFUpdates version 1161851933 from fsbwserver f secure com 12445450 bytes download size 3853577 The files were successfully placed into the destination directory and the existing files were removed This Installation of F Secure Anti Virus Update 2006 10 26_04 Success i...

Page 72: ...Automatic Update Agent interface To do this 1 Select Start Programs F Secure Policy Manager F Secure Automatic Update Agent to open the Automatic Update Agent application interface 2 Click Check now to check if any updates are currently available The Communication line will indicate the current update status 72 F Secure Policy Manager Updating virus definition databases ...

Page 73: ... databases manually 1 Connect to http support f secure com from another computer 2 Download the fsdbupdate exe tool 3 Transfer the fsdbupdate exe tool to your computer for example by using a memory stick or other removable media and run it F Secure Policy Manager Updating virus definition databases 73 ...

Page 74: ...ed Check and correct the HTTP proxy password in the http_proxies directive in the fsaua cfg file The password entered for HTTP proxy is incorrect Proxy Authentication failed Free some disk space to enable the update There is not enough free disk space on the drive where the destination directory is located The disk is full or there was an IO error Unknown There was a server error or an unspecified...

Page 75: ... by Management Agent to Policy Manager Server You can export the reports into HTML Web Reporting is integrated with a SQL database which guarantees it s suitability for every size of company The Web Reporting database collects all data that is currently stored in Policy Manager Server and adds new data as it arrives The collected data includes most of the data in alerts and some of the data in Inc...

Page 76: ...ected report category Root is selected by default in the Policy domains tree 4 To view a new report first select the domain subdomain or host for which you want to generate the report 5 Select a report category Virus Protection summary Internet Shield summary Alerts Installed software and Host properties and the exact report to be generated 6 Wait until the report is displayed in the lower part of...

Page 77: ...the selections you want to monitor and then add a link to that report on your computer desktop bookmarks or some other location The next time you access Web Reporting through this link the report is regenerated and will contain the latest data You can also save the report you have generated so that you can compare the current situation with the reports you will generate in the future First generat...

Page 78: ...r Server service 2 Copy the file C Program Files F Secure Management Server 5 Web Reporting firebird data fspmwr fdb to the backup media You can also use some compression utility to compress the file Using a compression utility also provides you a means to check that the backed up database is still intact 3 Restart the Policy Manager Server service Note A backup copy protects historical data again...

Page 79: ... all processes not having started yet; wait for a while and then try to reload the page. You can also reduce the startup time by deleting the unnecessary alerts from the CommDir. 3. Restart the Web Reporting service. 4. Restart Policy Manager Server. 5. Restart the computer. 6. Re-install Policy Manager Server, keeping the existing configuration. 7. If all else fails, reset the Web Reporting database or restore...

Page 80: ...ws\F-Secure\Management Server 5 registry key. 3. Edit the WRPortNum value and enter the new port number. Make sure Decimal is selected as the Base option when entering the new port number. 4. Start Policy Manager Server. If there is a port conflict, Policy Manager Server will not start, and an error message will be printed in the log file. In this case you should try another unused port. ...

Page 81: ...Chapter 7: Policy Manager Proxy. In this section, you will find some basic information regarding Policy Manager Proxy. Topics: Overview ...

Page 82: ...e it as a database distribution point. There should be one Policy Manager Proxy in every network that is behind slow network lines. Policy Manager Proxy retrieves virus definition database updates directly from the F-Secure distribution server, and hosts running Anti-virus fetch the updates locally from Policy Manager Proxy. Workstations in the remote offices communicate also with the Policy Manager S...

Page 83: ...ubleshooting. If you encounter problems when using the product, you can find possible solutions in this section. Topics: Policy Manager Server and Policy Manager Console; Policy Manager Web Reporting; Policy distribution ...

Page 84: ...r 5 directory (by default C:\Program Files\F-Secure\Management Server 5) and all its subdirectories. After these changes, restart the Policy Manager Server service or reboot the computer. The Local Service account is the Windows system account, and the Policy Manager Server service is started under this user account. With normal installation, the directory access rights for the Management Server 5 director...

Page 85: ...d SYS files. You must allow the Local Service account to read the following directories: %SystemRoot%, %SystemRoot%\system32, %SystemRoot%\system32\drivers. Some service restrictions can also prevent the Policy Manager Server service from starting. For more information on these, please consult the Microsoft Windows Server documentation. If you are getting the Unable to connect to management server Another admin...

Page 86: ... increase the number of Windows networking ports. Useful Windows networking settings are: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort (maximum number of network ports, default = 5000); HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpTimedWaitDelay (time to wait before closing inactive network connection, default = 240 seconds). The netstat -an command can be used to check wheth...

Page 87: ...If you have workstations already configured to access Policy Manager Server through the Policy Manager Server host module, you should not change the Policy Manager Server host port where agents communicate, since you might reach a state where the workstations will not be able to contact the server. ...

Page 88: ...guration files are in: F-Secure\Management Server 5\Web Reporting\fspmwr.conf, F-Secure\Management Server 5\Web Reporting\jetty\etc\fspmwr.xml, F-Secure\Management Server 5\Web Reporting\firebird\aliases.conf, F-Secure\Management Server 5\Web Reporting\firebird\firebird.conf. See also the Policy Manager Server configuration files: F-Secure\Management Server 5\conf\httpd.conf, F-Secure\Management Server 5...

Page 89: ...ns based on the installed product version. For example, group hosts that have Client Security 6.x installed into one sub-domain and hosts that have Client Security 7.x installed into another domain. When a domain includes hosts that have different product versions installed, the MIB settings from the newest product version are used for editing the policy values. As a result, policy distribution may fail o...

Page 91: ...Chapter 9: Ilaunchr error codes. This section provides information on error codes related to the Ilaunchr component. Topics: Error codes ...

Page 92: ...stallation package.
6: Target disk has insufficient free space for installation.
7: File package.ini was not found in JAR file.
8: File package.ini did not contain any work instructions.
9: Wrong parameters in command line or ini file.
10: Error in initializing a new working process.
11: Error in creating the install process for setup.
12: Could not create a temp directory.
13: Undefined error.
14: Data needed for ...

Page 93: ... plug-in dll.
150: Setup was unable to load installation support dll.
151: Setup was unable to load wrapper dll.
152: Setup was unable to initialize a cabinet file.
160: Management Agent Setup plug-in returned error.
170: Plug-in returned an unexpected code.
171: Plug-in returned a wrapper code.
172: One of the previous install/uninstall operations was not completed. Reboot is required to complete it.
173: The tar...

Page 95: ...Chapter 10: FSII remote installation error codes. This section describes the most common error codes and messages that can occur during the Autodiscover Windows Hosts operation. Topics: Error codes ...

Page 96: ...cription Error message
Error message: The required privilege is not granted for the current account and should be added manually. Description: By default, even the administrator does not have a required "Act as part of operating system" privilege on the Policy Manager Console machine. Without this privilege, Windows NT does not allow FSII to authenticate the entered user accounts. To add this privilege to administrator's account on...

Page 97: ... in the target Windows directory.
Error message: Newer F-Secure product detected, installation aborted. Description: If the target host has a newer product version already installed, the installation cannot be completed without first uninstalling it.
Error message: Invalid data is encountered in prodsett.ini. Description: The prodsett.ini configuration file has invalid information. If you have edited it manually, make sure the syntax is correct. It is recommend...

Page 99: ...Chapter 11: NSC notation for netmasks. You will find information on combining a network address with its associated netmask in this section. Topics: NSC notation details ...

Page 100: ... that use comb-style netmasks, where all one-bits are not contiguous. The following table gives the number of bits for each permitted netmask. The 0.0.0.0 is a special network definition reserved for the default route.
Bits  Netmask
1     128.0.0.0
2     192.0.0.0
3     224.0.0.0
4     240.0.0.0
5     248.0.0.0
6     252.0.0.0
7     254.0.0.0
8     255.0.0.0
9     255.128.0.0
10    255.192.0.0
11    255.224.0.0
12    255.240.0.0
13    255.248.0.0
14...

Page 101: ...
Bits  Netmask
28    255.255.255.240
29    255.255.255.248
30    255.255.255.252
31    255.255.255.254
32    255.255.255.255
