nexec 1.36 only shows Start tab when logged into IM using an LDAP account
search cancel

nexec 1.36 only shows Start tab when logged into IM using an LDAP account

book

Article ID: 232030

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM) Unified Infrastructure Management for Mainframe

Issue/Introduction

We are having a problem with the nexec probe when using the Infrastructure Manager (IM). I saw this article which seems related, but it doesn't exactly match our symptoms:

https://knowledge.broadcom.com/external/article/94305/nexec-probe-shows-only-start-tab.html

In our UIM environment, if I login to IM using the local UIM administrator account, the probe displays normally. But, if I login using an LDAP (AD) user account, I only see the 'Start' tab.

The nexec probe is running on our Primary hub and the hub is configured to connect to AD using 'Direct LDAP'.  The ldap account I am using has administrator ACL permissions, including Basic Management and Execution Levels 1-3. Please let me know what may cause this problem.

    • In the nexec.log we see corruption of the DC string.
    • Customer login using a different ldap account shows the same occurrence of corruption of the DC but with different special characters.
    • Both users are in the same LDAP group.

nexec.log

Jan 10 12:55:29:337 [70668] nexec: SREQUEST: _close ->xxx.xxx.xxx.xxx/48002
Jan 10 12:55:29:337 [70668] nexec: (s_t_l) - did not find user CN=xxxxx\, xxxxx(P3018235),OU=IT SOC,OU=xxxxx _ xxxx,OU=Corporate,OU=Accounts,OU=xxxxx,DC=CORP,DC=COMPANYCOM,DC=co³' on hub, ok if user is administrator
Jan 10 12:55:29:337 [70668] nexec: (s_t_l) - user CN=xxxxx\, xxxxx(P3018235),OU=IT SOC,OU=Corp Ops xxxxx _ xxxx,OU=Corporate,
OU=Accounts,OU=xxxxx,DC=CORP,DC=COMPANYCOM,DC=co³' does not have an ACL specified
Jan 10 12:55:29:337 [70668] nexec: (c_l_p) - list_profiles: failed to decode security settings, access level being set to 0
Jan 10 12:55:29:337 [70668] nexec: SREPLY: status = 0(OK) ->xxx.xxx.xxx.xxx/62293
Jan 10 12:55:29:337 [70668] nexec: RREQUEST: _close <-xxx.xxx.xxx.xxx/62293  h=488 d=0
Jan 10 12:55:29:337 [70668] nexec: sockClose:0000000001142BD0:xxx.xxx.xxx.xxx/48030
Jan 10 12:55:33:340 [70668] nexec: (d_w) - no profiles are scheduled to run
 
With nexec deactivated, we see NO corruption of the DC in the hub.log:

Jan 10 12:46:23:264 [64844] 2 hub: verify_login from ctrl xxx.xxx.xxx.xxx/55396
Jan 10 12:46:23:264 [64844] 1 hub: verify - [target] prid=controller cmd=probe_tail_logfile ip=xxx.xxx.xxx.xxx perm=1
Jan 10 12:46:23:264 [64844] 1 hub: verify - [source] id=CN=xxxxxx\, xxxxxx(xxxxx235),OU=IT SOC,OU=Corp Ops Engin _ Tech,OU=xxxxxx,OU=xxxxxx,OU=xxxxx,DC=CORP,DC=COMPANYCOM,DC=com ip=xxx.xxx.xxx.xxx hub=<Primary_Hub> (OK)
Jan 10 12:46:23:264 [64844] 0 hub: SREPLY: status = 0(OK) ->xxx.xxx.xxx.xxx/55396
Jan 10 12:46:23:264 [64844] 0 hub:  head  mtype=200 status=0 seq=0
Jan 10 12:46:23:264 [64844] 0 hub:  data  time=1641840383 access=1 ident=26953
Jan 10 12:46:23:264 [64844] 0 hub: RREQUEST: _close <-xxx.xxx.xxx.xxx/55396  h=294 d=0 fd=5164
Jan 10 12:46:23:264 [64844] 0 hub:  head  mtype=100 cmd=_close seq=1 ts=1641840383 frm=xxx.xxx.xxx.xxx/55396 tout=180 addr= sid=*****
 
But when nexec is activated, we DO see the corruption of the DC.
 
xxxx,OU=Corporate,OU=Accounts,OU=XXXXXX,DC=CORP,DC=COMPANYCOM,DC=co³' on hub, ok if user is administrator
...
Jan 10 12:55:29:337 [70668] nexec: (c_l_p) - list_profiles: failed to decode security settings, access level being set to 0
 
The customer has to login and logout with a different user to workaround it.

Environment

  • Release : 20.3
  • Component : UIM - NEXEC
  • nexec v1.36

Cause

  • Defect

Resolution

nexec-1.36-T1.zip (attached to this KB Article)

Attachments

nexec-1.36-T1_1641934930752.zip get_app
Powered by Wolken Software