HP OpenVMS Systems

HP Advanced Server V7.3B for OpenVMS
Release Notes

Advanced Server V7.3B for OpenVMS supports NTLMV2 authentication though it does not support NTLMV2 session security. For more information about NTLMV2 authentication, refer to Microsoft Knowledge Brief:

http://support.microsoft.com/kb/823659/en-us

The LAN Manager authentication level can be specified using the registry parameter LMCompatibilityLevel as follows:

$ @SYS$STARTUP:PWRK$DEFINE_COMMANDS.COM
$ REGUTL SET PARAMETER LSA LMCOMPATIBILITYLEVEL[desired value between
0 to 5] /CREATE

Once the registry parameter is created, the /create qualifier need not be used to modify the parameters again.

By default, LMCompatibilityLevel is set to 0 on Advanced Server. If LMCompatibilityLevel is set to 5 on Advanced Server, ensure that LMCompatibilityLevel is set to 3 or more on all clients connecting to Advanced Server. Otherwise, connections will fail.

2.2 New Features Provided by Advanced Server V7.3A-ECO4 for OpenVMS

Advanced Server Version 7.3A-ECO4 packages, in its PCSI kit, the following new images to support the changes done in OpenVMS Alpha Version 8.2:

• PWRK$CSSHR_V8.EXE
• PWRK$LOADSTREAMS_V8.EXE
• PWRK$STREAMSOS_V8.EXE
• PWRK$STREAMSSHR_V8.EXE
• SYS$PCFSDRIVER_V8.EXE
• SYS$PCIDRIVER_V8.EXE

These new images would be installed on OpenVMS Alpha systems running V8.* versions. When Advanced Server Version 7.3A-ECO4 kit is installed on other supported OpenVMS Alpha systems (Version 7.3-1 and Version 7.3-2), the *_V7 versions of the above mentioned images are copied to the appropriate directories.

2.2.2 NT ACME: New Images for External Authentication on OpenVMS I64 Version 8.2

Advanced Sever Version 7.3A-ECO4 PCSI kit packages the following new ACME images, for use with OpenVMS I64 Version 8.2:

1. PWRK$ACME_MODULE_IA64.EXE
2. PWRK$MSV1_0_ACMESHR_IA64.EXE

In order to access these new images, the users could choose to install the full Advanced Server or just the External Authentication Software.

Users should copy these files to the SYS$COMMON:[SYSLIB] directory on their Itanium system:

$ COPY PWRK$ACME_MODULE_IA64.EXE -
SYS$COMMON:[SYSLIB]:PWRK$ACME_MODULE_IA64.EXE/PROT=W:RE

$ COPY PWRK$MSV1_0_ACMESHR_IA64.EXE -
SYS$COMMON:[SYSLIB]:PWRK$MSV1_0_ACMESHR_IA64.EXE/PROT=W:RE

After copying these files, the users should define the following logical name in SYS$STARTUP:SYLOGICALS.COM:

$ DEFINE/SYS/EXEC PWRK$MSV1_0_ACMESHR -
SYS$SHARE:PWRK$MSV1_0_ACMESHR_IA64.EXE

As with VAX and Alpha, the user will need to add $@SYS$STARTUP:PWRK$ACME_STARTUP to SYS$STARTUP:SYSTARTUP_VMS.COM. PWRK$ACME_STARTUP.COM defines the PWRK$ACME_MODULE logical name, based on the architecture type, which points to PWRK$ACME_MODULE_<arch>.EXE for VAX, ALPHA, and I64.

With the addition of PWRK$MSV1_0_ACMESHR_IA64.EXE in the kit, the pre-existing Alpha image PWRK$MSV1_0_ACMESHR.EXE has been renamed to PWRK$MSV1_0_ACMESHR_ALPHA.EXE, for the sake of consistency.

On your Alpha systems, please define the following logical name in SYS$STARTUP:SYLOGICALS.COM:

$ DEFINE/SYS/EXEC PWRK$MSV1_0_ACMESHR -
$ SYS$SHARE:PWRK$MSV1_0_ACMESHR_ALPHA.EXE

Prior to Advanced Server Version 7.3A-ECO3, the Windows NT-style printing was limited to 100 printers per server. The bottleneck with V73A-ECO2 server, when it comes to SpoolSS, is the large number of accesses to the OpenVMS registry, which has a relatively poor performance. Previous versions of Advanced Server used a limitation of 100 printers per server, beyond which the performance would drop dramatically. Advanced Server Version 7.3A-ECO3 supports larger number.

Advanced server Version 73A-ECO3 uses a "SpoolSS cache" (small registry cache) specifically for SpoolSS printing. "SpoolSS cache" reduces the number of real registry accesses considerably, resulting in an improved performance and scalability.

The "SpoolSS cache" is initialized during server startup and is enabled by default.

To disable the SpoolSS cache completely the following setting should be used in PWRK.INI, followed by a server restart:

[LMSRV]
     SPOOLSS_CACHE_ENABLED = NO

A few performance measurement points have been added to monitor the caches behavior.

PWMON COUNT/KEY=SPL has a few fields to track the number of cache misses, cache hits, and cache invalidations.

PWMON VALUE/KEY=SPL will show the number of bytes occupied by all cache entries and the total number of cache entries in the LRU

The "SpoolSS cache" implementation keeps the registry keys open for each printer and driver throughout the lifetime of the server. This occupies 32 to 48 bytes in P1 space. Therefore HP recommends to increase the SYSGEN parameter CTLPAGES with (approximately) one page for every 10 entries in the registry. So, with 1000 printers and drivers CTLPAGES must be increased by number 100.

2.3.2 Using a Tattoo Character to Generate Alias File Names

By default, alias file names are generated by retaining the first character of the file name. Instead, a tattoo character can be used to generate alias file names which would simplify the process of alias file name look up. Hence, the three new PWRK.INI parameters are introduced to generate an alias file name with a tattoo character.

To enable the usage of a tattoo character in alias file names, add the following line in PWRK$COMMON:PWRK.INI file:

[ODS2]
    USE_ALIAS_FILENAME_TATTOO = YES

To specify which tattoo character to use while generating the alias file name, add the following lines in PWRK$COMMON:PWRK.INI file. Tattoo character can be any unique character. Consider "{" to be the tattoo character. Define the following parameter as shown below:

[ODS2]
    ALIAS_FILENAME_TATTOO_CHAR = {

To specify in which position to use the tattoo character while generating the alias file name, add the following lines in PWRK$COMMON:PWRK.INI file. The position can range from 0 to 7. As an example, it is defined as "0" as shown below:

[ODS2]
    ALIAS_FILENAME_TATTOO_POS = 0

The Advanced Server should be restarted after adding the entries in PWRK.INI file.

2.3.3 Support for "RestrictAnonymous" Registry Key Through REGUTL

REGUTL now supports creation/modification of RestrictAnonymous registry key. This key is defined to 1 to restrict anonymous users.

The Advanced server should be restarted to reflect the changes.

2.3.4 Support for "tokensidlimit" Registry Key through REGUTL

With Advanced Server Version 7.3A-ECO3, the "tokensidlimit" registry key can be changed/modified through REGUTL.

The Advanced server should be restarted to reflect the changes.

2.3.5 Support for adding "ODS2_DISABLE_ALIAS_FILENAMES" in PWRK.INI File

To enable/disable alias file names, the logical PWRK$TEMP_ODS2_DISABLE_ALIAS_FILENAMES has to be defined. But there was no corresponding INI parameter to do the same job. Now customers who want to enable/disable the alias file names can do so through INI file. By default, DISABLE_ALIAS_FILENAMES is set to NO. To disable alias file names, add the following two lines to PWRK$COMMON:[000000]PWRK.INI file:

[ODS2]
    DISABLE_ALIAS_FILENAMES = YES

The Advanced Server should be restarted after adding this entry in PWRK.INI file.

2.4 New Features Provided by Advanced Server V7.3A-ECO2 for OpenVMS

The user's account SID from the local NT domain is stored in the user's account in the Active Directory of the Windows 2000 domain. The field in Active Directory which stores the user's NT domain SID is referred to as SIDHistory.

SIDHistory allows the user to log on to their account in the Windows 2000 domain and still retain access to resources in the NT domain without the administrator having to re-permit all resources using the user's account in the Windows 2000 domain.

When the user logs on to the Windows 2000 domain, the SID in the SIDHistory field is included in their access token, thereby allowing them continued access to resources in the NT domain.

Advanced Server now understands and includes support for SIDHistory through SAM validation information level 2.

Instructions for upgrading Advanced Server users and groups to Active directory using ADMT tool:

1. Add a Windows NT server to the Advanced Server domain as backup domain controller (BDC).
2. Synchronize the databases with primary domain controller (PDC).
3. Promote Windows NT BDC to PDC.
4. Upgrade the users and/or groups using ADMT tool.

For more information about how to set up ADMT for Windows NT 4.0 to Windows 2000 Migration, see the Microsoft article at the following location:

http://support.microsoft.com?kbid=260871

When the system crashes, or a system dump is needed for a problem, the amount of information contained in the dump file depends upon the dump style that is set.

$MCR SYSGEN SET DUMPSTYLE 9

If the dump style has been set for selective dump, then the dump file might not have the required information about the Advanced Server processes.

The Advanced Server now makes use of OpenVMS system dump priority for PWRK$LMSRV, PWRK$LMMCP, and PWRK$LMBROWSER for Operating System versions equal to or greater than V7.2-2. For OpenVMS Versions greater than 7.3-1, dump priority feature is added for all Advanced Server processes. With this feature, asking customers for full dump of a system could be avoided.

2.5 New Features Provided by Advanced Server V7.3A for OpenVMS

The main new features provided by Advanced Server V7.3A for OpenVMS include the following:

• Enhanced compatibility with the latest Microsoft Windows operating systems, including Windows 2000 servers and clients and Windows XP Professional clients.
• Support of opportunistic locking to allow clients to cache data locally, providing performance improvements and reducing network traffic related to client/server communication.
• Improved performance, with new and improved caches and cache algorithms, with a reduction in buffered I/O, and a reduction of OpenVMS lock traffic (the latter feature especially improves performance on clusters).
• Support of dynamic purging and reloading of the NetBIOS name cache, and the ability to display the name cache contents --- similar to the NBSTAT capabilities provided on some Microsoft clients. For more information, see Section 3.14, NBSHOW: Purging, Reloading, and Displaying the NetBIOS Name Cache (KNB).
• Improved support for TCP/IP multihomed hosts (having multiple interfaces).
  If the Advanced Server system has more than one network adapter (also referred to as a network interface card), the default adapter chosen by the Advanced Server must be the correct interface. If TCP/IP is running on multiple network adapters, the Advanced Server uses only one of those interfaces. Prior to Version 7.3-ECO2 of the Advanced Server for OpenVMS, you had to make sure the adapter you select for the Advanced Server's TCP/IP transport corresponded to the first IP address in the TCP/IP local hosts database (as seen by executing the TCPIP SHOW HOST command). Otherwise, the Advanced Server might use an IP address of a different network interface than that associated with logical PWRK$KNBDAEMON_DEVICE. Now, you no longer need to make sure the selected adapter corresponds to the first IP address in the local hosts database.
  On TCP/IP hosts with multiple interfaces, you can ensure that the Advanced Server uses the IP address of the same interface as defined by logical PWRK$KNBDAEMON_DEVICE. You can do this by defining the IP address of that interface with the logical PWRK$KNBDAEMON_IPADDR.
  Thus, for TCP/IP hosts with multiple network interfaces, you must define both the PWRK$KNBDAEMON_DEVICE and the PWRK$KNBDAEMON_IPADDR logical. If both logicals are not defined, the server will not start and an error message will be displayed, indicating that both must be defined.
  On hosts with a single network interface only, neither logical should be defined except when a device is new and not yet known to the Advanced Server. In this case, define both logicals.
• Support for RMS stream_LF format files. The Advanced Server for OpenVMS now supports RMS stream_LF format files in addition to stream, fixed, and undefined formats. For more information, see Section 3.23, RMS File Formats.

This section describes some of the main features provided by the Advanced Server for OpenVMS, beginning with the most recent enhancements.

2.6.1 Windows 2000 Support

The Advanced Server provides the following Windows 2000 support:

• Support of Windows 2000 clients
• Support of Windows 2000 domain controllers in the same domain as the Advanced Server
  The Advanced Server can participate in pure (native) Windows 2000 domains as a member server (for more information on member server support, see Section 2.6.4, Member Server Support). The Advanced Server can participate in Windows 2000 mixed-mode domains as a backup domain controller or member server. (A Windows 2000 mixed-mode domain contains at least one Windows 2000 domain controller plus one or more Windows NT or HP Advanced Server domain controllers.)

For more information about Windows 2000 domain support, refer to the HP Advanced Server for OpenVMS Server Administrator's Guide. For related restrictions, see Section 13.6.2, Restrictions Applying to Windows 2000 Only.

2.6.2 Windows 2003 Support

The Advanced Server provides the following Windows 2003 support:

• Support of Windows 2003 domain controllers in the same domain as the Advanced Server.

The Advanced Server can participate in Windows 2003 domains as a member server (for more information on member server support, see Section 2.6.4, Member Server Support). The Advanced Server can participate in Windows 2003 interim domains as a backup domain controller or member server. (A Windows 2003 interim domain contains at least one Windows 2003 domain controller plus one or more Windows NT or HP Advanced Server domain controllers).

For more information about Windows 2003 domain support, refer to the HP Advanced Server for OpenVMS Server Administrator's Guide. For related restrictions, see Section 13.6.1, Restrictions Applying to Windows 2000, Windows 2003 and Windows XP.

2.6.3 Windows XP Professional Support

This release of the Advanced Server for OpenVMS product supports connections from Windows XP Professional clients. For information on restrictions regarding Windows XP support, see Section 13.6.3, Restrictions Applying to Windows XP Only.

2.6.4 Member Server Support

The Advanced Server for OpenVMS gives you the option of configuring the server as a member server instead of a primary domain controller (PDC) or backup domain controller (BDC). As a member server, the Advanced Server for OpenVMS can participate in a Windows 2000 native-mode environment (a domain in which all domain controllers are Windows 2000 systems) or in a Windows 2003 domains (a domain in which all domain controllers are Windows 2003 systems). Windows NT member servers can also participate along with Advanced Server member servers in Windows 2000 native-mode environments and in Windows 2003 domains.

Member servers rely on domain controllers for authenticating credentials of users requesting access. Any domain controller can authenticate domain user requests to member server resources.

The PWRK$CONFIG.COM configuration procedure allows you to define the role of the Advanced Server for OpenVMS as a member server. You cannot use the ADMINISTER SET COMPUTER/ROLE command to change an Advanced Server for OpenVMS domain controller to a member server role (or vice versa) --- you must use PWRK$CONFIG. (This restriction is similar (but less restrictive) to that of Windows NT, which requires the software to be reinstalled to change a domain controller to a member server, or vice versa.)

For more information on member server support, refer to the HP Advanced Server for OpenVMS Server Administrator's Guide. For information on restrictions relating to the member server role, see Section 13.10.4, Member Server Role Restrictions. For information on considerations while configuring Advanced Server as member server, refer to Section 3.7.1.1, Considerations When Configuring Advanced Server as Member Server of HP Advanced Server for OpenVMS Server Installation and Configuration Guide.

2.6.5 Support for Management of Advanced Server Printers from Windows NT

Previous to V7.3 of the Advanced Server for OpenVMS, print queues and print shares could only be managed locally by using the ADMINISTER command-line interface. Print queues and shared printers could not be managed remotely from Windows NT, with the exception of limited actions on print jobs, such as pausing and deleting them.

The Advanced Server for OpenVMS can now allow administrators, print operators, and server operators on a Windows NT Server or workstation to add and manage printers defined on the Advanced Server. These Windows NT users can manage and conceptualize printers in Windows NT-familiar terms --- they manage printers, print queues, printer ports, and the associated parameters defined in each printer's OpenVMS Registry entry.

You must reconfigure the server to change the default so that Advanced Server printers can be managed from Windows NT. By default, print queues and print shares on the Advanced Server are managed locally by use of the ADMINISTER command-line interface. The PWRK$CONFIG configuration facility gives the following new configuration option:

10. Enable NT style printing:

The remote management of printers defined on the Advanced Server, referred to as the Advanced Server's Windows NT-compatible printers, includes the following features:

• Simple management of Advanced Server shared printers by using the Windows NT print services dialog boxes.
• When adding a printer to the Advanced Server, the Windows NT Add Printer Wizard installs the required drivers for the printer on the server; these drivers are provided by the administrator (such as from the Windows NT installation CD-ROM). When a client is set up to use the printer, these drivers are available for downloading. Administrators can store the latest drivers for the printers on the Advanced Server. When new drivers are distributed, administrators have to update a single location only. When client users set up printers to use from their workstations, they are able to download the appropriate printer driver automatically.
• Use of Windows NT access permissions for Advanced Server shared printers.

For more information on configuring Windows NT management support for Advanced Server printers, refer to the HP Advanced Server for OpenVMS Server Installation and Configuration Guide. For information on restrictions relating to Windows NT printer management support, see Section 13.7.8, Windows NT Printer Management Restrictions. For more information on managing Advanced Server printers from Windows NT, refer to the HP Advanced Server for OpenVMS Server Administrator's Guide.

2.6.6 Support of Alias File Names

To enable compatibility with legacy applications (such as MS-DOS) whose file naming conventions are more restricted than those used by the Advanced Server, the Advanced Server for OpenVMS now creates MS-DOS-compatible alias file names for shared files whose names do not conform to the MS-DOS format. As a result, client applications that must use, or choose to use, the MS-DOS format for file names, can access these shared files on the server by using the file's associated alias file name. Clients can use either the real file name or the alias file name to access the file, depending on the client's file system.

An alias file name is also created for any file whose real name contains any extended character set characters with code point values of 128 through 255 (hexadecimal 80 through FF). This is done even when the real filename is MS-DOS-compatible (has the 8.3 format and all the characters are valid in MS-DOS file names). The Advanced Server for OpenVMS returns a file's alias name, instead of the real file name, to an MS-DOS client only if the real name is not MS-DOS-compatible, or if any extended character set character in the real name does not map to the client code page. Otherwise, the Advanced Server returns the file's real name to the MS-DOS client. For more information on support of extended character sets, see Section 2.6.7, Support of Extended Character Sets and the HP Advanced Server for OpenVMS Server Administrator's Guide. For more information on support of alias file names, refer to the HP Advanced Server for OpenVMS Server Administrator's Guide.

Previous to V7.3 of the Advanced Server for OpenVMS, the only character set other than ASCII supported by the file server on OpenVMS systems was the 8-bit ISO Latin-1 character set (ISO-8859-1).

A client computer that supports Unicode, or which is configured to use a code page that is not related to a Western European language, can create files with characters in the file name that are not part of the ISO Latin-1 character set. However, any Advanced Server for OpenVMS previous to V7.3 could not store files using these file names.

The Advanced Server for OpenVMS can now support certain Unicode characters or extended character sets that are foreign to the Western European languages. The characters that the Advanced Server for OpenVMS can support at any time depend on the language configured for the server. Each language is associated with one of the ISO-8859 character sets supported by the Advanced Server. Each ISO-8859 character set supports one or more languages.

You can configure any one of over 40 languages. Most of the Western European languages provide support for the Euro currency symbol.

For an up-to-date list of languages that are officially supported by the Advanced Server, refer to the Software Product Description (SPD 30.50.xx).

The languages and their associated ISO-8859 character sets are a subset of the Unicode (UCS-2) character sets supported on OpenVMS ODS-5 disk structures. You configure the Advanced Server to support one, and only one, language at a time.

Support of the extended character set characters makes available a broader set of characters for objects manageable by the Advanced Server, including file names, user names, group names, and file and print share names. Each character set also applies to text strings (such as descriptions) that users can specify when managing any of these objects. Windows NT-compatible Advanced Server printer description and location fields support all Unicode characters. These characters are not supported in computer names, alias names, domain names, and trusted domain names.

For restrictions related to support of Unicode and extended character sets, see Section 13.4.14, Server Language Restrictions. For more information on Unicode and extended character sets, refer to the HP Advanced Server for OpenVMS Server Administrator's Guide.

The Advanced Server for OpenVMS now provides two new ADMINISTER commands: the SET MODE command, which allows you to determine how extended character set characters with values of hexadecimal 80 (128) or higher are handled for input and output, and the SHOW MODE command, which displays the current input and output modes in effect.

For more information, refer to the HP Advanced Server for OpenVMS Commands Reference Manual or invoke the ADMINISTER online Help.