HP OpenVMS Systems

HP Advanced Server for OpenVMS
Server Installation and Configuration Guide

This chapter describes how to set up a wide area network (WAN) using one of the TCP/IP transport software products supported by the Advanced Server for OpenVMS software.

This chapter consists of the following sections:

• Section 6.1, Enabling Wide Area Network Support
• Section 6.2, Using the LMHOSTS File in a Wide Area Network
• Section 6.3, Using WINS in a Wide Area Network
• Section 6.4, Using DNS in a Wide Area Network

The Advanced Server for OpenVMS software allows you to use one or more of the following methods for wide area network name resolution:

• LMHOSTS file
• Windows Internet Name Service (WINS)
• Domain Name System (DNS)

To use them, they must be enabled using the Configuration Manager. You can enable them through the PWRK$CONFIG.COM command procedure, which provides access to the Configuration Manager when you answer YES to the question "Do you want to change server configuration parameters." To enable one or more of the wide area network support methods, select the Transports screen and select the appropriate checkbox. Alternatively, you can run the Configuration Manager after the server is configured and started, as described in the HP Advanced Server for OpenVMS Server Administrator's Guide.

6.2 Using the LMHOSTS File in a Wide Area Network

The Advanced Server for OpenVMS software provides the ability to set up a wide area network with the TCP/IP transport through the use of the LMHOSTS file. This file contains a list of domain controllers and member servers in the same domain and also domain controllers in domains that have trusts established with that domain. The LMHOSTS file allows the Advanced Server to participate in a Windows NT wide area network as well.

Unlike a Windows NT Server, the Advanced Server does not support remote LMHOSTS files (called into the Windows NT LMHOSTS file using #INCLUDE). To include the same host names as an existing LMHOSTS file on a Windows NT Server, copy the LMHOSTS file to the Advanced Server then manually insert the entries into the Advanced Server LMHOSTS file.

To set up a TCP/IP wide area network, modify the LMHOSTS file, adding the host names and TCP/IP addresses of the domain controllers and member servers in the wide area network that are in the same domain or in domains that have trust relationships with that domain.

The LMHOSTS file must be set up on all domain controllers and member servers in the domain, unless other methods are used to resolve NetBIOS names. Make sure your Advanced Server LMHOSTS file includes entries for all domain controllers and member servers of the domain and domain controllers in domains that have trusts established with that domain.

Note the following when configuring a server that will be a backup domain controller (BDC) or member server in an existing domain: if the LMHOSTS file does not include entries for a primary domain controller (PDC) that is in a different TCP/IP subnet, your server will not be able to find that PDC. Make sure you include entries for that PDC in the LMHOSTS file before running PWRK$CONFIG to join the existing domain. Two entries are required for a PDC:

• One standard entry for the computer name of the PDC
• One entry that uniquely identifies the system as the PDC of the domain. This entry contains the domain name (space padded to 15 characters) with a 16th-byte control character of \0x1B. See the example in Section 6.2.3, LMHOSTS File Syntax.

BDCs periodically retrieve changes to the domain-wide security accounts database from the PDC. If you omit a BDC from the LMHOSTS file on the PDC, the PDC will not notify the BDC that database changes need to be retrieved. Or, if a BDC omits the necessary entries for the PDC, the BDC will be unable to locate the PDC when attempting to retrieve database changes. In either case, the BDC's database will become out of date.

You can modify the LMHOSTS file at any time. As long as the LMHOSTS file exists, users can establish TCP/IP connections to any server listed in the file.

6.2.2 The LMHOSTS Directory

You set up a wide area network by supplying the following file on all OpenVMS file servers that are in different subnets:

PWRK$LMROOT:[LANMAN]LMHOSTS.

(The LMHOSTS file has no file extension; include the final dot, as shown.)

6.2.3 LMHOSTS File Syntax

In the LMHOSTS file, create a list of nodes by specifying the following line for each node:

address NetBIOSname #PRE #DOM:domain_name

Where:

• address is an Internet address of form x.x.x.x, where x is a decimal number from 0 to 255.
• NetBIOSname is a name from 1 to 16 characters long, and may include a control character. (The format of a control character is \0Xnn or \nn, where n is a hexadecimal digit.)
  To include a nonprinting or control character, enclose the name in double quotation marks. All alphabetic characters are set to uppercase characters before the name is loaded into cache (see the #PRE directive, below) or used for matching.
  If you wish to include the 16th-byte control character in the name explicitly, you must
  • Pad the name with spaces to control the placement of the control character.
  • Enclose the name and control character within double quotes.
  
  The following are some valid NetBIOS names:

  speedy "LANDOFOZ \0x1B"

• #PRE is an optional directive that indicates that the entry should be preloaded into the cache. Entries that have the #PRE tag are preloaded into the cache when the Advanced Server first starts up. If you add a #PRE-tagged entry to the LMHOSTS file after the Advanced Server starts up, the name will not be preloaded into the cache until the Advanced Server is restarted. However, the name will be available at the next lookup of the LMHOSTS file.
• #DOM:domain-name designates the entry as a domain controller in the domain specified by domain-name. It is required when the entry is a domain controller. It should not be included on entries for member servers.
  The #DOM:domain-name directive affects how the logon and browser services behave in routed environments. It is also used in user account management and in trust relationships.

For example, the following entries should be included in the LMHOSTS file on a BDC that is not in the same IP subnet as the PDC (if the two systems are in the same IP subnet, they can resolve names using broadcasts). In this example, the PDC name is DOMPDC at IP address 10.20.30.40 in the domain LANGROUP:

10.20.30.40  DOMPDC  #PRE  #DOM:LANGROUP
10.20.30.40 "LANGROUP       \0x1B"  #PRE

The \0x1B name will be registered only by the PDC for the domain. If a BDC is promoted to PDC, the original PDC will release the \0x1B name, allowing the new PDC to register it; LMHOSTS files on other systems that contain an entry for this \0x1B name must be updated to reflect the IP address of the new PDC.

If the domain PDC is a PATHWORKS or Advanced Server for OpenVMS server running on multiple members of an OpenVMS Cluster, only one cluster member will register the \0x1B name (the first to start the NetLogon service). However, if the server stops on that cluster member, the \0x1B name will be released by that cluster member and will then be registered by another cluster member running the server. In this scenario, LMHOSTS files on other systems that contain an entry for this \0x1B name must be updated to reflect the IP address of the cluster member that has registered, and now holds, the \0x1B name. To determine the cluster member that has registered and currently holds the \0x1B name, execute the NBSHOW KNB command at the OpenVMS DCL prompt on each node of the cluster and look for the \0x1B name in the name table that is displayed. The \0x1B name will show up in the name table of only one of the cluster members. The command NBSHOW is a special Advanced Server management command that is defined in the command file SYS$MANAGER:PWRK$DEFINE_COMMANDS.COM; for more information, see Section 5.6, Special Advanced Server Management Commands.

In environments using trust relationships, the domain controllers in trusting domains must establish a secure communications channel with a domain controller in the trusting domain. This allows a user with an account in one domain to access resources provided by a domain that trusts the user's domain (called pass-through authentication). Therefore, domain controllers in the trusting domain, as well as those in the trusted domain, should list all domain controllers from the other domain in their respective LMHOSTS file. (This assumes other NetBIOS name resolution methods, such as WINS, are not being used.) Each domain controller should also include a \0x1B entry for the PDC of the other domain. In the following example, the domain LANGROUP trusts the domain CORPDOM. The LANGROUP domain consists of the following domain controllers:

The CORPDOM domain consists of the following domain controllers:

To enable the domain controllers in domain LANGROUP to locate a domain controller in domain CORPDOM, include the following entries in the LMHOSTS file located on domain controllers in domain LANGROUP:

110.5.5.5   CORPPDC #PRE    #DOM:CORPDOM
110.5.5.5  "CORPDOM        \0x1B"  #PRE
110.5.5.20  CORPBDC1 #PRE    #DOM:CORPDOM
110.10.1.1  CORPBDC2   #PRE    #DOM:CORPDOM

Similarly, to enable the domain controllers in domain CORPDOM to locate the domain controllers in domain LANGROUP, include the following entries in the LMHOSTS file located on the domain controllers in domain CORPDOM:

192.20.30.40 LGPPDC  #PRE  #DOM:LANGROUP
192.20.30.40 "LANGROUP       \0x1B"  #PRE
192.20.30.41 LGPBDC  #PRE  #DOM:LANGROUP

The #DOM directive is required in these cases. It explicitly designates the system as a domain controller in the specified domain. Note that if you include member servers in the LMHOSTS file (whether they be Windows NT or Advanced Server member servers), you should omit the #DOM directive. Member servers are not domain controllers.

6.2.4 Managing the LMHOSTS File

To change the list of available nodes, you can edit the file at any time. Domain controller entries (specified by the #DOM directive) and computer name entries without the #PRE directive are resolved by checking the LMHOSTS file dynamically. This check occurs whenever a name needs to be resolved and is not found in the name cache.

To disable LMHOSTS name resolution, rename all versions of the LMHOSTS file to any name other than LMHOSTS. Or, you can use the Configuration Manager to disable LMHOSTS name resolution. Start the Configuration Manager ($ ADMIN/CONFIG), select the Transports option, and clear the check mark next to the Enable LMHOSTS Resolution option. When you use the Configuration Manager to enable or disable LMHOSTS name resolution, the change is not dynamic; that is, the change will not go into effect until the next time the Advanced Server is started.

When you add an entry to the LMHOSTS file while the Advanced Server is running, if the entry includes the #PRE directive, the entry will not be cached permanently (as directed by the #PRE part of the entry) until the next restart of the server; however, the change is effective immedately, as it will be read dynamically when the name next needs to be resolved.

6.2.5 Using the LMHOSTS Log File

If errors occur when the LMHOSTS file is accessed, the errors are recorded in the following file:

PWRK$LMROOT:[LOGS]PWRK$KNBDAEMON_nodename.LOG

This file is open and being written to while the Advanced Server is running. To close the log file, you must stop the Advanced Server.

To prevent the log file from becoming too large, each error is logged only once --- the first time it occurs. If an error is found in the log file, it is not logged again.

6.3 Using WINS in a Wide Area Network

You can configure the Advanced Server as a WINS client. This allows the Advanced Server to use a WINS Server for NetBIOS name registration, resolution, renewal, and release in a wide area network configuration.

For more information on how to use the Configuration Manager to configure the Advanced Server to use WINS, refer to the HP Advanced Server for OpenVMS Server Administrator's Guide.

6.3.1 Setting up WINS for OpenVMS Clusters

To allow clients that are configured for WINS support to use an Advanced Server alias name to connect to a clustered Advanced Server across a WAN, you must add to the WINS database a static multihomed entry for the Advanced Server alias name.

When adding the static multihomed entry for the Advanced Server alias name, you should enter the TCP/IP address of each node in the OpenVMS Cluster that is running the Advanced Server.

For more information about adding static entries to the WINS database, refer to your WINS product documentation.

You can configure the Advanced Server as a DNS client. This allows the Advanced Server to use a DNS server for NetBIOS name resolution. The Advanced Server uses DNS for name resolution as a last resort if all other methods fail to resolve a NetBIOS name.

For more information on how to use the Configuration Manager to configure the Advanced Server to use DNS, refer to the HP Advanced Server for OpenVMS Server Administrator's Guide.

This chapter describes how to remove Advanced Server for OpenVMS software from your system.

If you have to reinstall the Advanced Server for OpenVMS software, you might first need to remove the Advanced Server for OpenVMS software.

For example, if the Installation Verification Procedure indicated that the software installation procedure failed, you must reinstall the software. But first you might need to remove the Advanced Server software.

• If the system has enough free disk space, you can install the server again without removing the Advanced Server.
• If the system does not have enough disk space, you must remove the Advanced Server before reinstalling it.

For more information about disk space requirements, see Section 1.8.9, Step 9: Check Disk Space Requirements.

This chapter consists of the following sections:

• Section 7.1, Advanced Server Deinstallation
• Section 7.2, Removing Advanced Server Configuration Parameters
• Section 7.3, Removing Advanced Server for OpenVMS Software
• Section 7.4, Sample Advanced Server Removal Procedure

You remove the Advanced Server using the PRODUCT REMOVE command. The removal procedure performs the following operations:

• Shuts down the server automatically.
• Prompts you to enter information necessary to complete the removal procedure.
• Attempts to start the OpenVMS Registry Server if registry services are not available.
• Removes all Advanced Server for OpenVMS images, support files, and logical names that are created during the installation procedure.
• Prompts you whether to remove all Advanced Server data files from the system. If you respond YES, it deletes the data files as well as all known Advanced Server keys and values in the OpenVMS Registry. If you respond NO, it creates a file that contains a list of all Advanced Server parameters that were in the OpenVMS Registry before removing the server software.
• Removes the Advanced Server user accounts if you delete the data files.
• Prompts you whether you want to remove clean up tools that are provided with the Advanced Server. These tools include PWRK$FIXACE and PWRK$DELETEACE. For more information about these tools, refer to the HP Advanced Server for OpenVMS Server Administrator's Guide.
• Prompts you whether you want to save the NETBIOS image SYS$COMMON:[SYSEXE]NETBIOS.EXE (if it was installed) so that you can restore it if necessary. For example, you might discover later that it is needed by another product. (Older versions of the Advanced Server for OpenVMS and PATHWORKS for OpenVMS require the NETBIOS image.) Depending on your response to this prompt, the procedure saves or deletes several other related files. The saved files are stored in SYS$COMMON:[SYSUPD.PWRK$SAFETY].
• Removes the NETBIOS$ACCESS OpenVMS identifier, unless you choose to save the NETBIOS image.
• Removes Advanced Server DECnet objects, unless you choose to save the NETBIOS image.
• Deassigns all Advanced Server logical names.
• Removes any old Advanced Server files from SYS$SPECIFIC, such as patches, that might have been copied there.

When you remove the Advanced Server data files, the removal procedure will remove the server configuration parameters that are stored as values, and their keys, from the OpenVMS Registry.

To complete this operation, the removal procedure:

• Requires that registry services be available on the system. The Registry Server must be running on the system or in the cluster, and the registry database must be available on the system. If registry services are not available, the removal procedure will attempt to start the Registry Server. Registry services must be enabled on the system to run the Registry Server. For more information about ensuring that registry services are available, refer to the OpenVMS System Manager's Manual or the COM, Registry, and Events for OpenVMS Developer's Guide (included in the OpenVMS Documentation CD-ROM).
• Invokes the PWRK$REGUTL parameter management utility (described in the HP Advanced Server for OpenVMS Server Administrator's Guide).

To start the removal procedure and remove Advanced Server for OpenVMS software:

1. Ensure that you are logged in to the SYSTEM account.
2. Ensure that no processes are running the Advanced Server ADMINISTER command-line interface.
3. Start the removal command procedure, as follows:

   $ PRODUCT REMOVE ADVANCEDSERVER

Table 7-1, PRODUCT REMOVE Prompts, tells you how to respond to the prompts that the removal procedure displays.