Starting version 8.9.03, BMC Network Automation is renamed to TrueSight Network Automation. This space contains information about BMC Network Automation 8.9.02 and previous versions. For TrueSight Network Automation 8.9.03 and later releases, see the TrueSight Network Automation documentation.

Setting up for installation on a Windows server

You must perform the following tasks before starting the installation on a Microsoft Windows server:

Extracting the installation files  

Perform the following steps to extract the installation files:

  1. Locate the file that you downloaded from the BMC Electronic Product Distribution (EPD) site, or on media if you purchased the product with media.
    For information about the EPD site, see Downloading the installation files.

    On media, the Microsoft Windows installation files are in the \install\windows subdirectory. For either downloads or media, the file name is bna-server-
  2.  Extract the archive. The following table lists the files contained in the download:


    In case of application server or remote device agent upgrade, ensure that you do not extract the archive into the existing Disk1 directory. Either extract into a new directory or delete the existing Disk1 directory before extracting the archive.

    Files contained in the download




    The main installation executable


    Compressed Java archive that contains installation files


    Main installation files


    Installation maintenance utility used for various tasks. See Running the Maintenance and Cleanup tools.


    Installation cleanup utility used for various tasks. See Running the Maintenance and Cleanup tools.

  Back to top

(Optional) Creating a user account on a Windows server

The BMC Network Automation installation on a Windows server requires a user account (for example, bcan). This account is referred to as the BCAN_USER account. You can create this account either before installation or during installation.

This user account cannot be an administrator account and must have privileges to log on locally. 

This account would own all the installed files in  BCAN_HOME  and  BCAN_DATA . It would also be used to initialize and run the embedded postgres service, if you use that option.


You can optionally use the BCAN_USER account for FTP and SCP file transfers. For more information about remote device agents and FTP/SCP file transfers, see Administering remote device agents.

To create the BCAN_USER   account and assign the required permissions

  1. Log on as an Administrator. The BCAN_USER account must be a local account. Create the BCAN_USER account under Control Panel > User Accounts as a Limited account. Assign a password to the account.


    BMC strongly recommends not using the at sign (@) in the password. Some device file transfers might fail because they use the user:password@host/file format. If the password contains an at sign, the file transfer treats all characters after the at sign as the host name.

  2. Go to Control Panel > Administrative Tools > Local Security Policy.
  3. Verify that the BCAN_USER account is permitted to log on locally.
  4. Add BCAN_USER to Local Policies > User Rights Assignment > Allow log on locally.
  5. Remove BCAN_USER from Local Policies > User Rights Assignment > Deny logon locally.
    Note that BCAN_USER might need to be added to the Remote Desktop Group if the installation and upgrades are be done using a Remote Desktop Connection.
  6. Ensure that the BCAN_USER account has access to the TFTP, FTP, and SCP directories. This access is the default for a newly created account in Windows.
  7. Log off as Administrator.
  8. You must log on using the BCAN_USER account to ensure that the home directory, C:\Users and profile are created. If the home directory is not created, the installation fails.

    This step also confirms that the BCAN_USER account has the required user policy rights.
  9. While logged as BCAN_USER, open a command prompt and type echo %USERDOMAIN%.
    The response to this command is the domain where the BCAN_USER account is validated. During installation you are asked to provide this value.
  10. Log out as BCAN_USER and log in as Administrator.
  11. Go to Control Panel > Administration Tools > Services. Ensure that the Secondary Logon, the Windows service is started and has the Startup Type set to Automatic.  

  Back to top

Checking required disk space on a Windows server

Installation of the BMC Network Automation server requires approximately 1.2 GB of free disk storage on a Windows server.

Do not install the software on a networked drive. You must install the software on a local drive.

Installing Microsoft .NET 3.5 for TFTP server

To use TFTP as the file transfer protocol for devices, you must install Microsoft .NET Framework 3.5.x. To install .NET Framework specific to your OS, see

Installing Microsoft Visual C++ 2013 (x64)

To use the embedded PostgreSQL database, you must install Microsoft Visual C++ 2013 (x64). For installation instructions, see

Determining whether to install FTP or SCP on a Windows server

If you plan to use File Transfer Protocol (FTP) or Secure Copy (SCP) for device configuration and software image management, install the FTP server (see Installing an FTP server on Windows) and the SSH/SCP server (see Installing an SSH and SCP server on Windows) per the installation instructions specified before making a configuration snapshot. The software installs a Trivial FTP (TFTP) server only on Windows platforms as part of its installation process.

Back to top

Checking security software

If your server is running any security software (such as a firewall, anti-malware, anti-virus, or intrusion protection software), you need to ensure the software does not interfere with any of the applications installed by BMC Network Automation.

Ensure all of the following:

  • Blocked ports: If you are running the built-in Microsoft Windows firewall or any third-party firewall on the server, you must ensure that all ports that might be required by the software (for example, syslog, TFTP, SSH, FTP) are not blocked.
    For more information about how to configure Windows firewall ports used by BMC Network Automation, see  Troubleshooting Windows firewall ports .
    If you are deploying any remote device agents, you must ensure that the RMI port (default 1099) specified during the installation of the remote device agent is not blocked by any firewall.
    All other security software, such as anti-virus or malware software, must also be configured to ensure that no ports are blocked that might be required by the BMC Network Automation web server or file transfer services.
  • TFTP server: Many security software packages can block or quarantine a TFTP server as malware because TFTP is an insecure protocol. Note that installing the TFTP server is an option during the BMC Network Automation installation procedure.
  • BCAN_DATA  directory:
    • File scanning: If an anti-virus software package is installed on the server, set it to exclude virus checking on the  BCAN_DATA  directory. Otherwise, every file transfer from a device (for example, configuration file backup) is run through the virus checker.
    • File permission changes: Anti-virus software also needs to be excluded from scanning the  BCAN_DATA  directory to prevent file permissions on Postgres database files from being altered. Failure to do so can cause database corruption.
    • Locking database files: Ensure that there no application running on the server can lock  BCAN_DATA  data files, such as file-level backups, because file-level locks can cause database corruption.

Back to top

Enabling Windows 8.3 file names

To successfully install the application server and remote device agent, you must enable Microsoft Windows 8.3 file names before the installation. Perform the following steps to verify or enable Windows 8.3 file names:

  1. Verify whether the Windows 8.3 file names feature is enabled: In a Windows command prompt enter fsutil behavior query disable8dot3.
    • If the output is disable8dot=0, then Windows 8.3 file names are enabled.
    • If the output is disable8dot=1, then Windows 8.3 file names are disabled. Continue with the next step to enable Windows 8.3 file names.
  2. In a Windows command prompt, enable Windows 8.3 files names by entering fsutil behavior set disable8dot3 0 .
  3. Restart Windows.

Back to top

Disabling data execution prevention

Perform the following steps to disable DEP on Windows:

  1. Select Start > Control Panel, and open the System utility.
  2. Select the Advanced tab.
  3. In the Performance area, click Settings.
  4. Select the DataExecutionPrevention tab.
  5. Verify that the Turn on DEP for all programs and services except for those I select option is selected.
    Select the appropriate option, step 6  or  step 7.
  6.  If Turn on DEP for all programs and services except for those I select is selected, then add the installation program to the list:
    1. Select Add.
    2. Browse to the directory where you extracted the installation files in Extracting the installation files, select the installation application, setup.cmd, and then click Open
      The selected program is added to the DEP program area.
    3. Click Apply, and then click OK.
    4. In the dialog box that informs you that you must restart your computer for the setting to take effect, click OK.
  7.  If Turn on DEP for all programs and services except for those I select is not selected, Click OK to close System Properties.

    If you do not correctly configure the DEP feature and terminal services, when you run the installer a wizard panel appears indicating that you need to handle these issues.

  Back to top

Updating Windows Terminal Services options 

Microsoft Windows Terminal Services configuration options need to be updated. Perform one of the following tasks depending on your OS version:



Windows 2008

  1. Select Start > Run.
  2. Type gpedit.msc, and then press Enter or click OK.
  3. In the Group Policy window, go to Computer Configuration > Administrative Templates > Windows Components > Terminal Services > Temporary Folders.
  4. Enable Do not use temp folders per session and Do not delete temp folder upon exit.
  5. Close the Group Policy window.

Windows 2008 R2

  1. Select Start > Run.
  2. Type gpedit.msc, and then press Enter or click OK.
  3. In the Group Policy window, go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Temporary Folders.
  4. Enable Do not use temp folders per session and Do not delete temp folder upon exit.
  5. Close the Group Policy window.

Back to top

Configuring databases for Windows

The followoing sections describe how to  configure PostgreSQL ,  Oracle and Microsoft SQL Server databases , and Microsoft SQL databases for Microsoft Windows.

Configuring PostrgreSQL database encoding

If you use a remote PostrgreSQL database, it must be initialized with UTF-8 encoding. Specify the -encoding UTF-8 option when you initialize the database.

Configuring Oracle and SQL Server databases

Read the topics in this section to understand the tasks that you need to perform on Oracle and SQL Server databases before installing the product on a Windows computer.

SQL Server database user account

BMC recommends creating a user account for use only by BMC Network Automation. BMC Network Automation strictly prohibits using the sa user account.

SQL Server database schema

BMC recommends creating a new schema for BMC Network Automation objects. Confirm that the user login properties has mapping to a user-defined schema.

SQL Server isolation level

On SQL Server, set the READ COMMITTED SNAPSHOT isolation level of the BMC Network Automation database to ON using the following statements:

ALTER DATABASE <databaseName>

ALTER DATABASE <databaseName> 

SQL and Oracle database user account privileges

The BMC Network Automation Oracle or SQL Server user account must have the following privileges:



Oracle or SQL Server

  • Create, alter, or drop tables
  • Create, alter, or drop indices
  • Create, alter, or drop constraints
  • Create, alter, or drop views
  • Insert, update, or delete rows
  • (Oracle only) Grant access to the appropriate tablespace

Oracle user naming conventions

When creating database users for the BMC Network Automation installation, ensure that the user names meet these requirements:

  • User names contain upto 30 characters.
  • User names contain only alphanumeric characters from your database character set and the underscore (_), dollar sign ($), and pound sign (#).
  • User names do not contain hyphens (-).
  • Oracle Database reserved words are not used as user names. 

For more information about naming database users, see the guidelines and rules stated for the non-quoted identifiers in the Schema Object Names and Qualifiers section in the Oracle documentation.

Oracle RAC data file path

If your database is an Oracle Real Application Cluster (RAC) using Automatic Storage Management (ASM) to manage the data file, the path to the data file must use the following format:




For example, if the data space name in your Oracle RAC environment is named DATA, you would enter +DATA.

Oracle RAC databases that are not using ASM should use the standard format, the absolute file path to the database data file.

Oracle 12c

When performing a fresh installation with Oracle 12c, you must execute one of the the following commands to ensure that the pluggable database is started if the Create New User option is selected.

alter pluggable database all open; or alter pluggable database <pluggable_db_name> open;


If you want to connect to the database by using a system ID (SID) instead of a service, you must perform the following steps to ensure that the BMC Network Automation installation does not fail:

  1. Set the USE_SID_AS_SERVICE_listener_name parameter in the listener.ora file.
  2. Restart the listener.

For details about how to connect to a pluggable database, see the Oracle documentation at

Configuring Microsoft SQL databases

When performing a fresh installation and selecting the Create New Database option, ensure that the SQL Server service log-on account is Local System Account .

  Back to top

Checking IPv6 configuration on Windows

If you are installing the BMC Network Automation server or remote device agent on a Microsoft Windows host computer that either has both the IPv4 and IPv6 protocols or only the IPv6 protocol, confirm that the DNS is properly configured.

To confirm, run the nslookup command on the local host name and confirm that both IPv4 and IPv6 addresses are configured, as shown in the following example:

 Windows nslookup to verify IP addresses


C:\Users\Administrator>nslookup -type=any vw-pun-bpm-qa05
Address: 2001:500:100:1100:4d27:9d12:e995:5e59    internet address =    AAAA IPv6 address = 2001:500:100:1100:250:56ff:f

Back to top

Related topic

Installation fails due to spaces in the installation directory path

Was this page helpful? Yes No Submitting... Thank you