Page tree

Unsupported content


This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Skip to end of metadata
Go to start of metadata

You must perform the following tasks before starting the installation on a Microsoft Windows server:

Extracting the installation files  

Perform the following steps to extract the installation files:

  1. Locate the file that you downloaded from the BMC EPD site, or on media if you purchased the product with media.
    For information about the EPD site, see Downloading the installation files.

    On media, the Microsoft Windows installation files are in the \install\windows subdirectory.
  2. For either downloads or media, the file name is

    Note is a substitute for the current version, 8.5.00 in this release.

  3. Extract the archive. The following table lists the files contained in the download:

    Files contained in the download




    The main installation executable


    Compressed Java archive that contains installation files


    Main installation files


    Installation maintenance utility used for various tasks. See Running the Maintenance and Cleanup tools.


    Installation cleanup utility used for various tasks. See Running the Maintenance and Cleanup tools.

 Back to top

(Optional) Creating a user account on a Windows server

The BMC Network Automation installation on a Microsoft Windows server requires a user account (for example, bcan). This account is referred to as the BCAN_USER account. You can create this account either before installation or during installation.

The user account cannot be an administrator account and must have privileges to log on locally.

This account would own all the installed files in BCAN_HOME and BCAN_DATA. It would also be used to initialize and run the embedded postgres service, if you use that option.


You can optionally use the BCAN_USER account for FTP and SCP file transfers. For more information about remote device agents and FTP/SCP file transfers, see Administering remote device agents.

To create the BCAN_USER account and assign the required permissions

  1. Log on as an Administrator. The BCAN_USER account must be a local account. Create the BCAN_USER account under Control Panel > User Accounts as a Limited account. Assign a password to the account.


    BMC strongly recommends not using the at sign (@) in the password. Some device file transfers might fail because they use the user:password@host/file format. If the password contains an at sign, the file transfer treats all characters after the at sign as the host name.

  2. Go to Control Panel > Administrative Tools > Local Security Policy.
  3. Verify that the BCAN_USER account is permitted to log on locally.
  4. Add BCAN_USER to Local Policies > User Rights Assignment > Allow log on locally.
  5. Remove BCAN_USER from Local Policies > User Rights Assignment > Deny logon locally.
    Note that BCAN_USER might need to be added to the Remote Desktop Group if the installation and upgrades are be done using a Remote Desktop Connection.
  6. The BCAN_USER account must have access to the TFTP, FTP, and SCP directories. This access is the default for a newly created account in Windows.
  7. Log off as Administrator.
  8. You must log on using the BCAN_USER account to ensure that the home directory C:\Documents and Settings\bcan (for Windows 2003 installations) or C:\Users (for Windows 2008 installations) and profile are created. If the home directory is not created, the installation fails.

    This step also confirms that the BCAN_USER account has the required user policy rights.
  9. While logged as BCAN_USER, open a command prompt and type echo %USERDOMAIN%.
    The response to this command is the domain where the BCAN_USER account is validated. During installation you are asked to provide this value.
  10. Log out as BCAN_USER and log back in as Administrator.
  11. You must ensure that Secondary Logon, the Windows service is started and has the Startup Type set to Automatic. Go to Control Panel > Administration Tools > Services. Verify that the  Secondary Logon service is started and has the Startup Type set to Automatic.

 Back to top

Checking required disk space on a Windows server

Installation of the BMC Network Automation Server requires approximately 1.2 GB of free disk storage on a Microsoft Windows server.

Do not install the software on a networked drive. You must install the software on a local drive.

Installing .NET 3.5 for TFTP server

To use TFTP as the file transfer protocol for devices, you must install Microsoft .NET Framework 3.5.x. To install the .NET Framework specific to your OS, see

Determining whether to install FTP or SCP on a Windows server

If you plan to use File Transfer Protocol (FTP) or Secure Copy (SCP) for device configuration and software image management, install the FTP server (see Installing an FTP server on Windows) and the SSH/SCP server (see Installing an SSH and SCP server on Windows) per the installation instructions specified before making a configuration snapshot. The software installs a Trivial FTP (TFTP) server only on Windows platforms as part of its installation process.

 Back to top

Checking security software

If your server is running any security software (such as a firewall, anti-malware, anti-virus, or intrusion protection software) you need to ensure the software does not interfere with any of the applications installed by BMC Network Automation.

Ensure all of the following:

  • Blocked ports: If you are running the built-in Microsoft Windows firewall or any third-party firewall on the server, you must ensure that all ports that might be required by the software (for example, syslog, TFTP, SSH, FTP) are not blocked.
    For more information about how to configure Windows firewall ports used by BMC Network Automation, see Troubleshooting Windows firewall ports.
    If you are deploying any remote device agents, you must ensure that the RMI port (default 1099) specified during the installation of the remote device agent is not blocked by any firewall.
    All other security software, such as anti-virus or malware software, must also be configured to ensure that no ports are blocked that might be required by the BMC Network Automation web server or file transfer services.
  • TFTP server: Many security software packages can block or quarantine a TFTP server as malware because TFTP is an insecure protocol. Note that installing the TFTP server is an option during the BMC Network Automation installation procedure.
  • BCAN_DATA directory:
    • File scanning: If an anti-virus software package is installed on the server, set it to exclude virus checking on the BCAN_DATA directory. Otherwise, every file transfer from a device (for example, configuration file backup) is run through the virus checker.
    • File permission changes: Anti-virus software also needs to be excluded from scanning the BCAN_DATA directory to prevent file permissions on Postgres database files from being altered. Failure to do so can cause database corruption.
    • Locking database files: Ensure that there no application running on the server can lock BCAN_DATA data files, such as file-level backups, because file-level locks can cause database corruption.

Back to top

Enabling Windows 8.3 file names

To successfully install the application server and remote device agent, you must enable Microsoft Windows 8.3 file names before the installation. Perform the following steps to verify or enable Windows 8.3 file names:

  1. Verify whether the Windows 8.3 file names feature is enabled: In a Windows command prompt enter fsutil behavior query disable8dot3.
    • If the output is disable8dot=0, then Windows 8.3 file names are enabled.
    • If the output is disable8dot=1, then Windows 8.3 file names are disabled. Continue with the next step to enable Windows 8.3 file names.
  2. In a Windows command prompt, enable Windows 8.3 files names by entering fsutil behavior set disable8dot3 0.
  3. Restart Windows.


Back to top

Disabling data execution prevention

Perform the following steps to disable DEP on Windows:

  1. Select Start > Control Panel, and open the System utility.
  2. Select the Advanced tab.
  3. In the Performance area, click Settings.
  4. Select the DataExecutionPrevention tab.
  5. Verify that the Turn on DEP for all programs and services except for those I select option is selected.
    Select the appropriate option, step 6 or step 7.
  6.   If Turn on DEP for all programs and services except for those I selectis selected, then add the installation program to the list:
    1. Select Add.
    2. Browse to the directory where you extracted the installation files in Extracting the installation files, select the installation application, setup.cmd, and then click Open.
      The selected program is added to the DEP program area.
    3. Click Apply, and then click OK.
    4. In the dialog box that informs you that you must restart your computer for the setting to take effect, click OK.
  7.   If Turn on DEP for all programs and services except for those I select is not selected, Click OK to close System Properties.

    If you do not correctly configure the DEP feature and terminal services, when you run the installer a wizard panel appears indicating that you need to handle these issues.

 Back to top

Updating Windows Terminal Services options 

Microsoft Windows Terminal Services configuration options need to be updated. Perform one of the following tasks depending on your OS version:



Windows 2003

  1. Select Start > Run.
  2. Type tscc.msc, and then press Enter or click OK.
  3. Go to Server Settings. Set Delete temporary folders on exit to No.
  4. Set Use temporary folders per session to No.
  5. Restart Windows. If the settings do not take effect perform the following steps:
  6. Select Start > Run.
  7. Type regedit, and then press Enter or click OK.
  8. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSetControl\Terminal Server.

  9. Change DeleteTempDirsOnExit and perSessionTempDir to 0.
  10. Restart Windows.

Windows 2008

  1. Select Start > Run.
  2. Type gpedit.msc, and then press Enter or click OK.
  3. In the Group Policy window, go to Computer Configuration > Administrative Templates > Windows Components > Terminal Services > Temporary Folders.
  4. Enable Do not use temp folders per session and Do not delete temp folder upon exit.
  5. Close the Group Policy window.

Windows 2008 R2

  1. Select Start > Run.
  2. Type gpedit.msc, and then press Enter or click OK.
  3. In the Group Policy window, go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Temporary Folders.
  4. Enable Do not use temp folders per session and Do not delete temp folder upon exit.
  5. Close the Group Policy window.


 Back to top

Configuring databases for Windows

The topics on this page describe how to configure PostgreSQL, Oracle and Microsoft SQL Server databases, and Microsoft SQL databases for Microsoft Windows.

Configuring PostrgreSQL database encoding

If you use a remote PostrgreSQL database, it must be initialized with UTF-8 encoding. Specify the -encoding UTF-8 option when you initialize the database.

Configuring Oracle and SQL Server databases

Read the topics in this section to understand the tasks that you need to perform on Oracle and SQL Server databases before installing the product on a Windows computer.

SQL Server database user account

BMC recommends creating a user account for use only by BMC Network Automation. BMC Network Automation strictly prohibits using the sa user account.

SQL Server database schema

BMC recommends creating a new schema for BMC Network Automation objects. Confirm that the user login properties has mapping to a user-defined schema.

SQL Server isolation level

On the SQL Server, change the isolation level of the BMC Network Automation database to READ COMMITTED SNAPSHOT.

SQL and Oracle database user account privileges

The BMC Network Automation Oracle or SQL Server user account must be granted the following privileges:



Oracle or SQL Server

  • Create, alter, or drop tables
  • Create, alter, or drop indices
  • Create, alter, or drop constraints
  • Create, alter, or drop views
  • Insert, update, or delete rows

Oracle user naming conventions

When creating database users for the BMC Network Automation installation, ensure that the user names meet these requirements:

  • User names contain upto 30 characters.
  • User names contain only alphanumeric characters from your database character set and the underscore (_), dollar sign ($), and pound sign (#).
  • User names do not contain hyphens (-).
  • Oracle Database reserved words are not used as user names. 

For more information about naming database users, see the guidelines and rules stated for the non-quoted identifiers in the Schema Object Names and Qualifiers section in the Oracle documentation.

Oracle RAC data file path

If your database is an Oracle Real Application Cluster (RAC) using Automatic Storage Management (ASM) to manage the data file, the path to the data file must use the following format:




For example, if the data space name in your Oracle RAC environment is named DATA, you would enter +DATA.

Oracle RAC databases that are not using ASM should use the standard format, the absolute file path to the database data file.

Configuring Microsoft SQL databases

When performing a fresh installation and selecting the Create New Database option, ensure that the SQL Server service log-on account is Local System Account.

 Back to top

Checking IPv6 configuration on Windows

If you are installing the BMC Network Automation server or remote device agent on a Microsoft Windows host computer that has both IPv4 and IPv6 protocols, confirm that the DNS is properly configured.

Run the nslookup command and confirm that both IPv4 and IPv6 addresses are configured, as shown in the following example:

Windows nslookup to verify IP addresses


C:\Users\Administrator>nslookup -type=any vw-pun-bpm-qa05
Address: 2001:500:100:1100:4d27:9d12:e995:5e59    internet address =    AAAA IPv6 address = 2001:500:100:1100:250:56ff:f

Back to top