Limitations and restrictions of this version

Operational warnings

Warning

Failure to comply with the following instructions will result in datastore corruption, and in some cases unrecoverable datastore corruption.

Modification of datastore files and logs

Under no circumstances should you add, remove, or amend any of the datastore files or datastore log files without explicit clearance from BMC Customer Support.

The following are examples of datastore file names:

  • pa55bc128f62ce9c427a1d742_nHost_hidx
  • pa55bc128f62ce9c427a1d742_nHost_hist
  • __db.001
  • DB_CONFIG
  • main

The following are examples of datastore log file names:

  • log.000002301
  • log.000002302

The location of the datastore and the datastore log files may be obtained by reading the /usr/tideway/etc/link.conf file. Under no circumstances should you modify this file once a system has been commissioned.

Datastore files must not be moved to a remote filesystem

The datastore files must not be moved to a remote filesystem. This is not a supported configuration, nor is this supported by the underlying Berkeley DB database environment.

Limitations and restrictions

The following list provides links to the limitations and restrictions of this version:

Network infrastructure discovery

BMC Atrium Discovery supports discovery of network infrastructure devices, that is, routers, switches, and network printers. BMC Atrium Discovery does not currently support discovery of other devices that may also be accessible by or managed via SNMP.

Currently the product also includes support for discovering the presence of a small number of devices that are not network infrastructure devices, such as UPS devices, and temperature monitors, since these devices were discovered by BMC Atrium Discovery 7.5 or BMC Foundation Discovery and BMC Topology Discovery product and simply adopted into BMC Atrium Discovery 8.2. These devices are today (incorrectly) classified as NetworkDevice nodes.

When we upgrade BMC Atrium Discovery to deal with these properly, we will change how these devices are modeled. We have no plans to extend our limited support for those devices in current releases.

Firefox internal PDF viewer

The Firefox internal PDF viewer does not display the PDF reports correctly. To work around this problem, use an alternative plugin, or download the files and view in a standalone PDF viewer. See the Mozilla website for more information. Affected versions include Firefox 21.0.

 

Non-English Windows discovery using RemQuery

When attempting to discover Windows hosts using a non-English locale using only RemQuery, discovery may fail with the error message Failed to parse command output, or  it may return incorrect information. They can however be successfully discovered using WMI.

Non-ASCII Unicode characters in CAM

In Collaborative Application Mapping (CAM), if you create components such as group names or functional components, that contain non-ASCII Unicode characters, the Business Application Instance (BAI) that results from running the pattern displays with unreadable characters.

Network device scanning

Scanning a network device may timeout, particularly on devices with many logical interfaces. Currently, network device discovery uses a single monolithic call when discovering a network device and once made, the call cannot be stopped. This means that when a device with multiple interfaces is scanned, a full discovery of the device is performed via all of the endpoints that it responds on, instead of discovery for the alternative endpoints being limited to the minimum required to determine that it is the same device. This slows the overall discovery of the device to the point where it can timeout at 30 minutes. Additionally, it puts unnecessary load on the network device. This issue is addressed in BMC Atrium Discovery 8.3 SP2.

Tcpvcon cannot be pushed to Windows 2000 hosts (13963)

Tcpvcon cannot be pushed to Windows 2000 hosts. The workaround is to deploy the utility manually. QM001683624

Tcpvcon version later than 2.34 cannot return port information (QM001716854)

To discover port information (getProcessToConnectionMapping) from computers running Windows 2000 or earlier, you must have version 2.34 of Tcpvcon installed on them. If a more recent version of Tcpvcon has been installed on the target, you must replace it with version 2.34 to discover port information.

Version 2.34 of Tcpvcon is shipped along with the BMC Atrium Discovery Windows proxies. To replace the recent version with version 2.34, perform the following steps:

  1. On the computer running a Windows proxy, copy the tcpvcon.exe file, version 2.34, from the following location:
    C:\Program Files\BMC Software\ADDM Proxy
  2. On the target host, navigate to the location of the recent version of the tcpvcon.exe file and replace that file with the version 2.34 file that you have copied.
  3. Run discovery again.

If a recent version of Tcpvcon is installed on a remote host, execution of the Tcpvcon command on the BMC Atrium Discovery appliance will fail and display the following timeout error message in the Windows proxy debug logs of the host:

RemQuery(): user = TSL\admintest: Timed out status = FAILURE

The timeout error will be reported because recent versions of Tcpvcon require a GUI-based end-user license agreement (EULA) to be confirmed when it is run for the first time. If you confirm the EULA on the host either manually or by using the accepteula switch, the Tcpvcon command is invoked successfully. However, as BMC Atrium Discovery does not support recent versions of Tcpvcon, parsing of the command output will fail and the following error message will be displayed in the log:

Failed to parse command output status = FAILURE

Scanning a real host previously scanned using pool data (6079)

When you upload scanner files to the appliance and run it in playback mode, .no-expiry files are
created for each IP address. This means that this pool data will not be deleted at the next scan, and
subsequent discovery runs will operate by playing back the pool data rather than by scanning the real IP
address. This is true if the appliance is operating in Record or Playback mode.
If you subsequently attempt to scan the real IP address, the pool data will not be updated if the .no-expiry file is present.
If you are scanning an IP address and it is not being updated, you should check the pool data for existence of a .no-expiry file and delete it. The pool data structure is:

/var/pool/xx/xx/xx/xx/.no-expiry
/var/pool/xx/xx/xx/xx/<data>

where /xx/xx/xx/xx is the IP address of the host.

For more information on scanning hosts from scanner files and how to handle pool data, see Using scanner files.

Reinitializing the model (tw_model_init)

You can reinitialize the model by running the tw_model_init command. You must stop all tideway services before running the command. Restart the services when the command has completed. The tw_model_init utility can also install and activate a TKU after deleting the datastore. The TKU package must be stored on the appliance filesystem. For more information on using this command line utility see tw_model_init.

Concurrent lock attempts can lock all users from editing the port scan settings

In the port scanning page, if a user locks it for editing and another user subsequently tries lock it, the second user's attempt fails. If the user who successfully locked the page cancels the operation and leaves the page, it remains locked for the unsuccessful user, and on refresh for the successful user too.

Changes to user group memberships

If the privileges of a BMC Atrium Discovery user are extended by changing the user's group memberships, then these changes may not take effect for up to 5 minutes. However if privileges are withdrawn from the user these changes take immediate effect.

ECAError nodes show tracebacks of the error that occurred

This could cause concern during ethical hacking tests but is not actually a problem because the code shown is from patterns, which are already visible to the user, not internal to the product.

Third-party applications depending on Tideway security must be run after the security service has started

If third-party applications that depend on the Tideway Security Service are run before it has completed initialization, they will fail as you cannot validate permissions and users from the Security Service.
Ensure that the Tideway Security service has completed initializing before running third-party applications.

NDD discovery interface support

NDD discovery does not support trp interfaces.

Computer CIs do not always reconcile correctly

On certain UNIX systems, BMC Atrium CMDB cannot reconcile the same Computer System CIs from the BMC Performance Management (BPM) and BMC Atrium Discovery datasets. If the <hostname> command is not configured correctly on these systems, the command returns the fully qualified domain hostname (FQDN) instead of just the host name, resulting in duplicate Computer System CIs in the BMC.ASSET dataset.

Possible solutions include correcting the command output on the affected system, or disabling reconciliation with data from BPM. If you are unsure, contact your Customer Support representative to discuss additional options.

Record data should not be processed with tools that change line endings

BMC Atrium Discovery stores record data in UNIX and DOS formats. UNIX format files have LF line endings, and DOS format file have CR LF line endings. If you process the record data with a tool that changes line endings, you will see exceptions in the Discovery logs.

WMI might report incorrect memory

WMI may report the physical memory available on Windows hosts incorrectly.

WMI arguments may be truncated

In unusual situations the first argument to a process may not be reported to discovery by the target Windows host. This happens when a Windows process was created with CreateProcess with the ApplicationName parameter specified but without the module name used as the first argument passed in the CommandLine parameter.

Home directory of discovery user on target computer must not be read-only

The home directory of the user that is used for discovery on target hosts must not be read-only. If it is read-only, scripts (such as which on Solaris 9 and 10 hosts) that write to the home directory will fail.

Solaris 10 truncates process information for non-privileged users

In Solaris 10 /usr/ucb/ps will now only output the first 79 characters of commands unless it is run as root. The reason for this change is to prevent the inadvertent leak of private process data. Where process information is truncated, Discovery will be incomplete for that host.
You must add the proc_owner right for the user account used for discovery, for example, the my_solaris_account user. To do this and retain all of the default privileges, as root, enter:

usermod -K defaultpriv=file_link_any,proc_info,proc_session,proc_fork,
proc_exec,proc_owner my_solaris_account

No spaces are permitted in the defaultpriv argument.

Solaris 8 and 9

Patches have been rolled out to replicate this behavior on Solaris 8 and 9.

  • Solaris 8 patch – 109023-05
  • Solaris 9 patch – 120240-01

To workaround this, you should deploy sudoers privileges for /usr/ucb/ps.

Solaris 8 and ifconfig

In Solaris 8 there are two ifconfig binaries:

  • /sbin/ifconfig
  • /usr/sbin/ifconfig
    In all versions of Solaris other than 8, there is a single binary and a symbolic link.

The default path statement set by BMC Atrium Discovery ensures that /sbin/ifconfig is called first. In Solaris 8 this is the incorrect version, /usr/sbin/ifconfig must be run to obtain the correct information. To ensure this is the case, edit the ifconfig discovery script to specify the full path to ifconfig:

IFCONFIG=`PRIV_IFCONFIG /usr/sbin/ifconfig -a 2>/dev/null`
echo "$IFCONFIG"

Do not modify the path statement to correct this issue as that will cause other problems.

Process information truncated in AIX

On AIX the ps command limits output to the horizontal screen size. This can be overridden using the COLUMNS environment variable, though the maximum permissible value for this is 2047.
Piping the output of the ps command through cat removes the columns restriction on AIX hosts with a May 2007 Service Pack.

OpenVMS support

Support for OpenVMS is limited to systems running the native vendor TCP stack.

IP address change requires appliance restart

Where the IP address of the appliance is changed, for example, by DHCP or a manual change, the appliance must be restarted.

"<attrib> = None" construct in WHERE clause not supported

The Search Service uses a number of Python constructs. However, the "= None" construct should not be used to recognize undefined values. For example, the following query does not work and returns nothing:

SEARCH SoftwareInstance
   WHERE version = None

You should state explicitly that you are looking for an undefined attribute. For example:

SEARCH SoftwareInstance
   WHERE name HAS SUBWORD "Web"
   AND NOT version IS DEFINED
and
SEARCH SoftwareInstance
   WHERE NOT version IS DEFINED

Processor type correctly reported only by non-srvinfo access methods

Processor type is correctly reported when using WMI and non-srvinfo Discovery methods. However if you discover the same host with srvinfo then it is reported incorrectly.
Ensure that the WMI or non-srvinfo access method is enabled.

Disabling "Ping hosts" setting slows Discovery

If you disable the "Ping hosts before scanning" setting in the Discovery Configuration page, Discovery will try a number of methods before determining that there is no device at that IP address. If pinging is enabled, Discovery determines that there is no device immediately.

AIX user password must be changed by user after creation by root

On AIX, when a user password is changed by the root user, that password must be changed by the user at the next log in. If the password is not changed and Discovery is attempted using that user name and password, it fails when prompted to change the password.
To prevent this from happening, if you are the root user and add a new user, log in as that user and change the password.

SNMP credential does not validate IP address key

When adding or editing a login or SNMP credential, the IP Address key does not validate the format. You are permitted to enter special characters, alphanumeric, and invalid IP address formats (172.17.1.3.3.4). Only enter valid IP addresses.

Manual cron changes are overwritten

If a cron job is manually edited this will not be noticed, and any change will be silently thrown away. This could be an issue where a manual change is made by someone not realising there is a cron management process.
The script should be scheduled using the cron feature (in $TIDEWAY/etc/cron/) as the tideway user.

Do not run service tideway status as root

Running the service tideway status command as root will cause the ownership of the database log files to change to root. Eventually this will cause the system to fail to start.
Always run sudo service tideway status as the tideway user, never as root. That is, sudo /sbin/service tideway status.

Search facility searches hidden attributes

The search facility searches hidden attributes and system fields, even though the users cannot normally see this information.
This was observed when searching for a subnet to add relationship to from a host. The search string 127 was entered and the following two subnets were returned:

  • 192.168.115.0/24
  • 172.16.203.0/24

The search string does not appear in the subnets, but may have been found in hidden attributes associated with the subnets. This behavior can be confusing.

Modifying standard reports

If you place an updated reports.xml file on a system without stopping the tideway services, you may see a traceback in the UI. To avoid this stop the tideway services before adding a new or modifying the existing reports.xml file.

Visualization size limit (QM001711035)

There is a visualization size limit of 5631x4439 pixels. Larger visualizations could consume excessive system resources and cause instability.

Xen para-virtualized hosts discovery limitations (QM001744086)

BMC Atrium Discovery has the following known limitations in discovering the Xen para-virtualized hosts:

  • The hosts are not discovered as virtual.
  • The corresponding UUID is not correctly discovered.
  • The relationship between the Xen server and the virtual machine containers (software instances), including the virtualized hosts running on it, is not discovered.

There are no workarounds to overcome this limitation.

IBM AIX machine serial number changes when moved from one host container to another (QM001775765)

When an IBM AIX machine is moved from one host container to another, the discovered serial number of the host changes. As a result, a new host node is created and synchronized to the BMC Atrium CMDB (if CMDB synchronization is configured). The earlier host node is automatically removed through aging based on the Model Maintenance settings.
It is possible to manually destroy the earlier host node before it is removed through aging. However, manual destruction of host nodes is not recommended in production appliances. For more information, see Destroying data.

Was this page helpful? Yes No Submitting... Thank you

Comments