Setting up for installation on a Windows server
You must perform the following tasks before starting the installation on a Microsoftserver:
Extracting the installation files
Perform the following steps to extract the installation files:
- Locate the file that you downloaded from the BMC Electronic Product Distribution (EPD) site, or on media if you purchased the product with media.
For information about the EPD site, see Downloading the installation files.
On media, the Microsoft Windows installation files are in the \install\windows subdirectory. For either downloads or media, the file name is bna-server- v.r.mm -win64.zip
Extract the archive. The following table lists the files contained in the download:
In case of application server or remote device agent upgrade, ensure that you do not extract the archive into the existing Disk1 directory. Either extract into a new directory or delete the existing Disk1 directory before extracting the archive.
Files contained in the download
The main installation executable
Compressed Java archive that contains installation files
Main installation files
Installation maintenance utility used for various tasks. See Running the Maintenance and Cleanup tools.
Installation cleanup utility used for various tasks. See Running the Maintenance and Cleanup tools.
(Optional) Creating a user account on a Windows server
The BMC Network Automation installation on a Windows server requires a user account (for example, bcan). This account is referred to as the BCAN_USER account. You can create this account either before installation or during installation.
This user account cannot be an administrator account and must have privileges to log on locally.
This account would own all the installed files in BCAN_HOME and BCAN_DATA . It would also be used to initialize and run the embedded postgres service, if you use that option.
You can optionally use the BCAN_USER account for FTP and SCP file transfers. For more information about remote device agents and FTP/SCP file transfers, see Administering remote device agents.
To create the BCAN_USERaccount and assign the required permissions
Log on as an Administrator. The BCAN_USER account must be a local account. Create the BCAN_USER account under Control Panel > User Accounts as a Limited account. Assign a password to the account.
BMC strongly recommends not using the at sign (@) in the password. Some device file transfers might fail because they use the user:password@host/file format. If the password contains an at sign, the file transfer treats all characters after the at sign as the host name.
- Go to Control Panel > Administrative Tools > Local Security Policy.
- Verify that the BCAN_USER account is permitted to log on locally.
- Add BCAN_USER to Local Policies > User Rights Assignment > Allow log on locally.
- Remove BCAN_USER from Local Policies > User Rights Assignment > Deny logon locally.
Note that BCAN_USER might need to be added to the Remote Desktop Group if the installation and upgrades are be done using a Remote Desktop Connection.
- Ensure that the BCAN_USER account has access to the TFTP, FTP, and SCP directories. This access is the default for a newly created account in Windows.
- Log off as Administrator.
- You must log on using the BCAN_USER account to ensure that the home directory, C:\Users and profile are created. If the home directory is not created, the installation fails.
This step also confirms that the BCAN_USER account has the required user policy rights.
- While logged as BCAN_USER, open a command prompt and type
The response to this command is the domain where the BCAN_USER account is validated. During installation you are asked to provide this value.
- Log out as BCAN_USER and log in as Administrator.
- Go to Control Panel > Administration Tools > Services. Ensure that the Secondary Logon, the Windows service is started and has the Startup Type set to Automatic.
Checking required disk space on a Windows server
Installation of the BMC Network Automation server requires approximately 1.2 GB of free disk storage on a Windows server.
Do not install the software on a networked drive. You must install the software on a local drive.
Installing Microsoft .NET 3.5 for TFTP server
To use TFTP as the file transfer protocol for devices, you must install Microsoft .NET Framework 3.5.x. To install .NET Framework specific to your OS, see http://www.microsoft.com/en-in/download/.
Installing Microsoft Visual C++ 2013 (x64)
To use the embedded PostgreSQL database, you must install Microsoft Visual C++ 2013 (x64). For installation instructions, see https://www.microsoft.com/en-us/download/details.aspx?id=40784.
Determining whether to install FTP or SCP on a Windows server
If you plan to use File Transfer Protocol (FTP) or Secure Copy (SCP) for device configuration and software image management, install the FTP server (see Installing an FTP server on Windows) and the SSH/SCP server (see Installing an SSH and SCP server on Windows) per the installation instructions specified before making a configuration snapshot. The software installs a Trivial FTP (TFTP) server only on Windows platforms as part of its installation process.
Checking security software
If your server is running any security software (such as a firewall, anti-malware, anti-virus, or intrusion protection software), you need to ensure the software does not interfere with any of the applications installed by BMC Network Automation.
Ensure all of the following:
- Blocked ports: If you are running the built-in Microsoft Windows firewall or any third-party firewall on the server, you must ensure that all ports that might be required by the software (for example, syslog, TFTP, SSH, FTP) are not blocked.
For more information about how to configure Windows firewall ports used by BMC Network Automation, see .
If you are deploying any remote device agents, you must ensure that the RMI port (default 1099) specified during the installation of the remote device agent is not blocked by any firewall.
All other security software, such as anti-virus or malware software, must also be configured to ensure that no ports are blocked that might be required by the BMC Network Automation web server or file transfer services.
- TFTP server: Many security software packages can block or quarantine a TFTP server as malware because TFTP is an insecure protocol. Note that installing the TFTP server is an option during the BMC Network Automation installation procedure.
- BCAN_DATA directory:
- File scanning: If an anti-virus software package is installed on the server, set it to exclude virus checking on the BCAN_DATA directory. Otherwise, every file transfer from a device (for example, configuration file backup) is run through the virus checker.
- File permission changes: Anti-virus software also needs to be excluded from scanning the BCAN_DATA directory to prevent file permissions on Postgres database files from being altered. Failure to do so can cause database corruption.
- Locking database files: Ensure that there no application running on the server can lock BCAN_DATA data files, such as file-level backups, because file-level locks can cause database corruption.
Enabling Windows 8.3 file names
To successfully install the application server and remote device agent, you must enable Microsoft Windows 8.3 file names before the installation. Perform the following steps to verify or enable Windows 8.3 file names:
- Verify whether the Windows 8.3 file names feature is enabled: In a Windows command prompt enter
fsutil behavior query disable8dot3.
- If the output is
disable8dot=0, then Windows 8.3 file names are enabled.
- If the output is
disable8dot=1, then Windows 8.3 file names are disabled. Continue with the next step to enable Windows 8.3 file names.
- If the output is
- In a Windows command prompt, enable Windows 8.3 files names by entering
fsutil behavior set disable8dot3 0.
- Restart Windows.
Disabling data execution prevention
Perform the following steps to disable DEP on Windows:
- Select Start > Control Panel, and open the System utility.
- Select the Advanced tab.
- In the Performance area, click Settings.
- Select the DataExecutionPrevention tab.
- Verify that the Turn on DEP for all programs and services except for those I select option is selected.
Select the appropriate option, step 6 or step 7.
If Turn on DEP for all programs and services except for those I select is selected, then add the installation program to the list:
- Select Add.
- Browse to the directory where you extracted the installation files in Extracting the installation files, select the installation application, setup.cmd, and then click Open.
The selected program is added to the DEP program area.
- Click Apply, and then click OK.
- In the dialog box that informs you that you must restart your computer for the setting to take effect, click OK.
If Turn on DEP for all programs and services except for those I select is not selected, Click OK to close System Properties.
If you do not correctly configure the DEP feature and terminal services, when you run the installer a wizard panel appears indicating that you need to handle these issues.
Updating Windows Terminal Services options
Microsoft Windows Terminal Services configuration options need to be updated. Perform one of the following tasks depending on your OS version:
Windows 2008 R2
Configuring databases for Windows
The followoing sections describe how to Microsoft SQL databases for Microsoft Windows., and
Configuring PostrgreSQL database encoding
If you use a remote PostrgreSQL database, it must be initialized with UTF-8 encoding. Specify the
-encoding UTF-8 option when you initialize the database.
Configuring Oracle and SQL Server databases
Read the topics in this section to understand the tasks that you need to perform on Oracle and SQL Server databases before installing the product on a Windows computer.
SQL Server database user account
BMC recommends creating a user account for use only by BMC Network Automation. BMC Network Automation strictly prohibits using the sa user account.
SQL Server database schema
BMC recommends creating a new schema for BMC Network Automation objects. Confirm that the user login properties has mapping to a user-defined schema.
SQL Server isolation level
On SQL Server, set the
READ COMMITTED SNAPSHOT isolation level of the BMC Network Automation database to
ON using the following statements:
ALTER DATABASE <databaseName> SET ALLOW_SNAPSHOT_ISOLATION ON ALTER DATABASE <databaseName> SET READ_COMMITTED_SNAPSHOT ON
SQL and Oracle database user account privileges
The BMC Network Automation Oracle or SQL Server user account must have the following privileges:
Oracle or SQL Server
Oracle user naming conventions
When creating database users for the BMC Network Automation installation, ensure that the user names meet these requirements:
- User names contain upto 30 characters.
- User names contain only alphanumeric characters from your database character set and the underscore (_), dollar sign ($), and pound sign (#).
- User names do not contain hyphens (-).
- Oracle Database reserved words are not used as user names.
For more information about naming database users, see the guidelines and rules stated for the non-quoted identifiers in the Schema Object Names and Qualifiers section in the Oracle documentation.
Oracle RAC data file path
If your database is an Oracle Real Application Cluster (RAC) using Automatic Storage Management (ASM) to manage the data file, the path to the data file must use the following format:
For example, if the data space name in your Oracle RAC environment is named
DATA, you would enter
Oracle RAC databases that are not using ASM should use the standard format, the absolute file path to the database data file.
When performing a fresh installation with Oracle 12c, you must execute one of the the following commands to ensure that the pluggable database is started if the Create New User option is selected.
alter pluggable database all open; or
alter pluggable database <pluggable_db_name> open;
If you want to connect to the database by using a system ID (SID) instead of a service, you must perform the following steps to ensure that the BMC Network Automation installation does not fail:
- Set the
USE_SID_AS_SERVICE_listener_nameparameter in the listener.ora file.
- Restart the listener.
For details about how to connect to a pluggable database, see the Oracle documentation at http://docs.oracle.com/database/121/NETRF/listener.htm.
Configuring Microsoft SQL databases
When performing a fresh installation and selecting the Create New Database option, ensure that the SQL Server service log-on account is Local System Account .
Checking IPv6 configuration on Windows
If you are installing the BMC Network Automation server or remote device agent on a Microsoft Windows host computer that either has both the IPv4 and IPv6 protocols or only the IPv6 protocol, confirm that the DNS is properly configured.
To confirm, run the
nslookup command on the local host name and confirm that both IPv4 and IPv6 addresses are configured, as shown in the following example:
Windows nslookup to verify IP addresses
C:\Users\Administrator>nslookup -type=any vw-pun-bpm-qa05
vl-pun-bna-dv06.ipv6.bmc.com internet address = 10.128.251.112
vl-pun-bna-dv06.ipv6.bmc.com AAAA IPv6 address = 2001:500:100:1100:250:56ff:f