13.2 AgentConfigSecurityKey

Use this Knowledge Script to remotely update the security key information on your managed Windows computers in an AppManager site if you are using encrypted communication or authentication and encryption to secure communication between management servers and managed clients.

Within an AppManager site, all management server computers and managed Windows clients must use the same security key information. This key information is stored in the repository and extracted from the repository into an encrypted and password-protected agent key file. You can then use this script to distribute this password-protected key file to remote agents. If the AppManager repository has different key information than an AppManager agent, the agent will not be able to decrypt information from the management server and communication will fail.

NOTE: Use this script only to distribute the key file to managed Windows clients. You must create the key information and the agent key file separately before using this script. In most cases, you create key information when you install the AppManager repository or manually using the NQKeyGenWindows utility. If you have an existing key file generated by the NetIQ Encryption utility (rpckey.exe) in a previous release, you can continue to use that key file and distribute it to AppManager 7.x agents, if needed, until you are ready to replace the old key file with one generated with the NQKeyGenWindows utility.

After you distribute an updated key file to all of the Windows agents within your site, including the agent on the management server computers, you will experience a temporary loss of communication between the management server and the agents. To have the management server receive the new security key information from the repository database and resume communication with the updated Windows agents, you must stop and restart the NetIQ AppManager Management Service (NetIQms).

NOTE: If you already distributed an AppManager 7.x key file to your Windows agents, you can use the same key file for both Encrypted and Encrypted and Authenticated communication. You do not need to re-key your Windows agents to change the security level for those agents.

For more information, see “Using Secure Communication for Windows Agents” and “Key File Utility for Windows Agents” in the Administrator Guide for AppManager. For more information about configuring security after an AppManager upgrade, see the Upgrade and Migration Guide for AppManager.

13.2.1 Resource Objects

Windows 2003 Server or later

13.2.2 Default Schedule

The default interval for this script is Run once.

13.2.3 Setting Parameter Values

Set the following parameters as needed:

Parameter

How to Set It

Location of key file

Provide the full path to the agent key file. For example: C:\temp\nqWindowsPublic0.key

To specify some other computer in the environment rather than the target computer, type the UNC path to the file. For example, if the key is stored in the E:\Temp folder on the computer zebra:

\\zebra\e$\temp\nqWindowsPublic0.key

Encryption password

Provide the password you specified when you created the agent key file. The characters that you type appear as asterisks to protect your password.

Raise event if the update succeeds?

Set to y to raise an event when the key is successfully updated on the target computer. The default is y.

Event severity when the update succeeds

Set the event severity level, from 1 to 40, to indicate the importance of a successful registration of the management server. The default severity level is 25 (blue event indicator).
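The following PowerShell script is an added example, not part of the AppManager documentation or the AgentConfigSecurityKey script itself. It ties together the two operational points above: checking the "Location of key file" and "Encryption password" inputs before the job is scheduled, and restarting NetIQms on the management server once the key file has been distributed. The key file path, the computer name zebra and the parameter names are assumptions taken from the example values in this section; the script is meant to be run on the management server in Windows PowerShell.

```powershell
# Added example (not NetIQ code): pre-flight checks for the AgentConfigSecurityKey
# parameters, followed by the NetIQms restart that the documentation requires after
# an updated key file has been distributed to every Windows agent in the site.
# $KeyFilePath uses the sample UNC path from the documentation; adjust it for your site.
param(
    # Local or UNC path to the password-protected agent key file (assumed sample value)
    [string]$KeyFilePath = '\\zebra\e$\temp\nqWindowsPublic0.key'
)

# 1. The path must resolve from the computer that runs the job; an unreachable UNC
#    path fails the update on every target, so check it once up front.
if (-not (Test-Path -LiteralPath $KeyFilePath -PathType Leaf)) {
    throw "Agent key file not found or not reachable: $KeyFilePath"
}
$keyFile = Get-Item -LiteralPath $KeyFilePath
Write-Host ("Key file {0}: {1} bytes, last modified {2}" -f
    $keyFile.FullName, $keyFile.Length, $keyFile.LastWriteTime)

# 2. Review who can read the key file. It is password-protected, but it should still
#    only be readable by the accounts that distribute it; an administrative share such
#    as e$ grants access to every local administrator on that host.
Write-Host "Access entries on $($keyFile.FullName):"
(Get-Acl -LiteralPath $KeyFilePath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# 3. Collect the encryption password without echoing it, matching the asterisks
#    shown for the "Encryption password" parameter. Only its presence is checked here;
#    the key file itself is decrypted by the agent, not by this script.
$password = Read-Host -Prompt 'Encryption password used when the key file was created' -AsSecureString
if ($password.Length -eq 0) {
    throw 'The encryption password must not be empty'
}

# 4. After the key file has reached all Windows agents (including the agent on the
#    management server), restart NetIQms so it loads the new key information from
#    the repository and resumes communication with the re-keyed agents.
$svc = Get-Service -Name 'NetIQms' -ErrorAction Stop
Write-Host "NetIQms is $($svc.Status); restarting so it picks up the new security key"
Restart-Service -Name 'NetIQms' -Force
$svc.WaitForStatus('Running', (New-TimeSpan -Seconds 60))
$svc.Refresh()
Write-Host "NetIQms is now $($svc.Status)"
```

Run the pre-flight part before scheduling the Knowledge Script job and the restart part only after the job has reported success on every agent; restarting NetIQms while some agents still hold the old key simply extends the communication outage described above to those agents.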