PowerQuest PowerExpert SRM 5.0

Contents

See Feature Notes.

See Configuring SQL Server Support.

See Extending the Active Directory Schema.

See Known Issues.

See Migration Tool.

See Terminology Changes.

See PowerQuest Storage Manager Newsletter.

Feature Notes

See Installing and Configuring PowerExpert SRM.

See Setup - SQL.

See Microsoft Hot Fix for Web UI.

See Preferences.

See Reports.

See Policies.

See Active Directory.

See Managed Objects.

Installing and Configuring PowerExpert SRM

  • Under Windows NT 4.0, WMI must be installed before you install PowerQuest® PowerExpert SRM 5.0.
  • While installing in a cluster environment, you should change the default path for Trend and Audit databases to point to the shared disk.
  • For security purposes, the report scheduled on remote collector is running as local system account, which is the scheduler service account. You must change the account in Explorer manually on the remote collector machine to get access permission to the storage system on that machine.
  • SNMP trap is currently disabled. It will be available when the first patch of PowerExpert SRM is released.
  • The silent install is currently broken. Therefore, SMS push installs are not working.
  • The account name and password that you enter during setup cannot be used by the services created during PowerExpert SRM 5.0 setup on Windows NT 4.0. This happens because setup on NT registers WQQASvr and WQFSSvr using /service argument as the create service executable cannot be used on Windows NT unlike Windows 2000. When /service argument is used the service thus created uses Local System account by default. So because of this user has to manually change the services log on account to an admin account.

Setup - SQL

The SCAlloc or SCBlock command line utilites only affect allocation and blocking attributes, respectively. Use the SCSRM command or the user interface to create a policy that contains both allocation and blocking attributes.

To view centralized audit information, you must configure a central database and have all servers write to the central database.

Microsoft Hot Fix for Web UI

After installing the operating system, you must apply the following hot fixes before using the PowerExpert SRM Web UI:

  • Q287917 "WMI Registry Provider does not support UNICODE"
  • Q297835 "Subsequent COM Calls in a Win32 Process May Not Work After Call to Methods in Microsoft.DiskQuota Object"
  • Q294831 "Server.HTMLEncode and Server.URLEncode Corrupt High UTF8 Characters"

You can obtain information about hot fixes through Microsoft.

Preferences

When the Auto Detect Disks option is selected in preferences and the server is rebooted, all disk partitions and mount points are scanned. Correct property values of the objects are displayed only after the scanning is complete.

Reports

  • For reports to pop up, the output must be directed to the default output folder (%sytemdrive%\Program Files\PowerQuest\PowerExpert SRM\5.0\Reports). To redirect the output, change the output folder location and ensure that the shared folder WQReportParameters is pointing to the new location.
  • The default output format for all reports is Active HTML. To run reports in plain HTML, Excel, CSV, DBF, or text format, select the option under the Format tab of the report properties.
  • The maximum e-mail attachment size allowed for a report in text format is 10,485,760 bytes.
  • Drilldowns are only supported if the server and client are in the same domain or if there is a trust relationship between the domains.
  • Reports run against objects on a remote server run properly but reports do not display if the objects are not shared for Administrator (hidden shares).
  • When the thresholds are tripped in quick succession and their reports are scheduled at the same time, the reports are not run.

Policies

  • When you use the Auto Detect Disks feature, the space limit is always set to passive using the device capacity, and the space limit setting from the policy selected is ignored.
  • While setting a space allocation on the root of a drive through the UI, SCAlloc, or SCSRM command line, the space limit is always set to passive using the device capacity, and the space limit setting from the UI, policy, or command line /p parameter is ignored.
  • File Blocking help states that you can include/exclude a full path from the blocking process. For example, you could enter C:\users\Administrators to exclude it from the c:\users file blocking object. Actually, this scenario would only work if "\Administrators " or "Administrators " (not the full path c:\users\Administrators) were entered in the exclude filter. By design, file blocking adds the path of the file blocking object (in the previous example, C:\users) to the directory object specified in the filter. If you click Browse to select a path to include/exclude, the whole path will display in the interface. You must modify it by removing the object name (c:\users, for example), or the filter will not work correctly.

Active Directory

  • Using AD version, if the domain controller (DC) is rebooted and no other DC is available, you must restart MMC after the DC has rebooted.
  • Policy names in the AD version are limited to 35 characters.

Managed Objects

If the space limit on %system Drive%\Documents and Settings is active and is exceeded, the system cannot open the policy database (QAPolicyV5.mdb) and association with objects cannot be established. It is not recommended to enforce a space limit on the Documents and Settings folder because this is where user profiles are stored.

Configuring SQL Server Support

  1. Create SCSRMDB database in SQL Server.
  2. Import SCTrend.mdb and SCAudit.mdb into SCSRMDB.
  3. Make changes to the following tables:

    4. Scanned Objects table
    Set ObjectID as Primary key.
    Make sure "Yes" shows for identity property for ObjectID.

    Drive Usage table
    Make sure "Yes" shows for Allow Nulls property for Type and Volume.

    File Type Usage table
    Make sure "Yes" shows for Allow Nulls property for File Type.

    Real Time Allocation Objects
    Make sure "Yes" shows for Allow Nulls property for Server and Object.

    Message table
    Set ID as primary key
    Make sure "Yes" shows for identity property for ID.
    Change Datatype for Message column to varchar and set length to 2048.

  4. Set user permissions to the SCSRMDB database.
  5. Remove or rename the previous ODBC DSN for SCAuditDB and SCTrendDB on each machine.
  6. Configure the ODBC DSN for SCAuditDB and SCTrendDB on each machine using the SCSRMDB database in SQL Server.
  7. If using a SQL login, add the following registry values on each machine:

    8. [HKEY_LOCAL_MACHINE\SOFTWARE\WQuinn\StorageCentral SRM \5.0]

    "DBUID"="[User]"

    "DBPWD"="[Password]"

  8. [User] and [Password] in the registry must be the same as that in the ODBC connection, and this account must have permission to access the SCSRMDB database in SQL Server.
  9. The ODBS DSN should use the access method specified in database properties to access SCSRMDB database. For example, if the SQL login access method is specified, ODBC DSN should be configured to use a login account and password.

Extending the Active Directory Schema

Installing the AD version of PowerExpert SRM 5.0 in a child domain requires extending the AD schema. For this reason, you must ask the Schema Administrator to first extend the schema using the ExtSche.exe program.

To extend the schema and build the PowerExpert SRM data structure in Active Directory:

  1. Execute ExtSche.exe.
  2. Import the registy file sc5.reg to your local system.
  3. Execute RegToAD.exe to copy the data structure to AD.

Typing RegToAD /? will display the usage.

Allow enough time for schema changes to replicate to all of the child domains. Then install PowerExpert SRM 5.0 in the child domain, and answer "Yes" when prompted, "Do you want the product to support Microsoft's Windows 2000 Active Directory?," "No" when prompted, "Do you want to run Extend Schema program?" and "Yes" when prompted "Do you want to run RegToAD program?"

After installation, you will be able to use the policies in the child domain. ExtSche.exe and RegToAD.exe program are included in the \Utilities folder on the PowerExpert SRM CD.

Known Issues

See Web Pages Do Not Display Information.

See Program Continues To Run Report After Selecting Close.

See AD Level in the Web UI.

See Auto Detect Folder Space Limit.

See Cluster Resource Groups with Only One Node as a Possible Owner.

See Content Blocking.

See Computer Policies.

See QAQuotasV4.DAT Not Deleted During Uninstall.

Web Pages Do Not Display Information

When attempting to access the AD version of PowerExpert SRM server (scenario 1, described below) or a remote PowerExpert SRM Registry version server (scenario 2, described below) through a remote web client, the managed objects, policies, file groups, and reports web pages do not display any information.

    Scenario 1 (Active Directory)

    Computer(1): IIS server with Internet Explorer client
    Computer(2): PowerExpert SRM server AD version

  • Set the authentication in IIS to NT Challenge/Response only.
  • On computer(2), start PowerExpert SRM server.
  • On computer(1), browse to connect to the IIS Server.

    • Scenario 2 (Registry)

    Computer(1): IIS server
    Computer(2): PowerExpert SRM server Registry version
    Computer(3): Internet Explorer client

  • Set the authentication in IIS to NT Challenge/Response only.
  • On computer(2), start PowerExpert SRM server.
  • On computer(3), browse to connect to the IIS Server.

Windows NT Challenge/Response (NTLM) Authentication will not allow access to any network resources beyond the Internet Information Server (IIS) computer. This is because NTLM authentication does not pass a user's credentials over the wire. It only passes a security token created at the time the user is authenticated on the network. Consequently, the username and password are unavailable to IIS when it is challenged for access to a network resource, and IIS is unable to create and pass a user's security token over the network. Thus, access to network resources requiring authentication will be denied.

If Internet Explorer is running on the same computer as the Internet Information Server, this error will not occur using NTLM, since the username and password credentials are available.

  • If you require that users be authenticated when accessing the component, using Basic Authentication will overcome this limitation.
  • Using Basic Authentication means users will be sending their network credentials in plain text over the network, potentially exposing the network to a security breach. If this is a concern, you can use Basic Authentication over Secure Sockets Layer (SSL).

Enabling Basic Authentication

  1. Open the Microsoft Management Console (MMC) for Internet Service Manager.
  2. Open the properties sheet of the application root (or virtual directory) to which you wish to apply the changes.
  3. Select the Directory Security tab and click the Edit button under Anonymous Access and Authentication Control.
  4. A new dialog box titled Authentication Methods opens. Make sure Basic Authentication is the only option selected, then apply the changes.

Enabling Secure Sockets Layer

To use Secure Sockets Layer in conjunction with Basic Authentication, see the Windows NT 4.0 Option Pack documentation at the following path:

Microsoft Internet Information Server\Server Administration\Security\Authentication\Setting Up SSL on Your Server

Program Continues To Run Report After Selecting Close

If you click Close while running a report, the program continues to run the report and closes the dialog after it has finished scanning the object.

AD Level in the Web UI

While connected to another AD level in the WebUI, the managed objects, audit info, and most of the tabs under Preferences reflect the info from local computer instead of the AD level user is connected to.

Auto Detect Folder Space Limit

When an auto detect folder space limit is created on the root of a drive (other than the boot drive), all subfolders are successfully detected but a folder limit object is also created on the root of the drive. This will be fixed in a future release.

Cluster Resource Groups with Only One Node as a Possible Owner

When setup creates the cluster resource groups, it creates them with only one node as a possible owner and the other nodes are not included in possible owners. Because of this, cluster resource groups can't fail over to the other node. The following error is generated in Cluster Administrator when it is started on node 2 after node 1 becomes unavailable:

    An error occurred attempting to read properties for the "Cluster Group StorageCentralSRM5" resource:

    The specific node does not support a resource of this type. This may be due to version inconsistencies or due to the absence of the resource DLL on this node.

    Error ID: 5079 (000013d7)

"Do you want to ignore this error and continue?"

If you ignore this error, you will get another similar error regarding 'Disk Group 1 StorageCentralSRM5' resource. To work around this problem, manually change the properties of both cluster resources, and include the other nodes as possible owners.

Content Blocking

Content blocking is not supported on a cluster.

Computer Policies

For computer policies to function properly, the service log on account for CapacityShield Server service and FileMonitor Server service must be marked as "Account is trusted for delegation" and must not be marked as "Account is sensitive and cannot be delegated." Also, a collector must be selected while adding a new computer policy.

QAQuotasV4.DAT Not Deleted During Uninstall

When uninstalling PowerExpert SRM, the QAQuotasV4.DAT file, if it exists, does not get deleted for mount points. As a result, when the product is reinstalled, the mount points may appear to be auto detected even when the Auto Detect Disks option is unchecked in PowerExpert SRM properties. To prevent this, manually delete the QAQuotasV4.DAT file from the mount points after uninstalling the product.

Migration Tool

The migration tool allows you to convert PowerExpert 4.1 quotas, screening rules, and reports into a format that can be used by PowerQuest PowerExpert SRM 5.0.

The migration tool is located on the PowerExpert SRM CD.

Running the Migration Tool

  1. Run the conversion utility by double-clicking on the desktop icon.

    2. This will convert the policy database on each disk drive to the PowerExpert SRM 5.0 format and will convert all CapacityShield templates, DiskReport reports and report sets as well as the FileMonitor rules and groups so that they are usable by PowerExpert SRM 5.0. A backup of PowerExpert 4.1 will be created in the Temp directory called SC4backup.reg . PowerExpert 4.1 will then be uninstalled.

  2. Install PowerExpert SRM 5.0.
  3. In the Temp directory, find SC5settings.reg . Using Windows Explorer, double-click this file to import the converted policies into PowerExpert SRM 5.0.

Terminology Changes

PowerExper SRM 5.0 Term

PowerExpert ST 4.1 Term

file group

group

block(ing)

screen(ing)

folder

object, directory

auto detect

autodetect, learn mode

high-water

highwater

space allocation

quota

policies

templates

disk space limit

permanent quota

overdraft limit

overdraft quota

always save open files

write through, complete i/o regardless of quota

passive limit

soft quota

exclude from folder limit

exclude from absolute quota

activate below value

trigger below value

adjust disk space limit

automatically adjust quota

PowerQuest Storage Manager Newsletter

PowerQuest has a free monthly electronic newsletter that is dedicated to official announcements regarding PowerQuest products. It contains tips and techniques for getting the most out of your PowerQuest products. You can view the newsletter online (in English only) at http://www.powerquest.com/newsletter/index.html.

PowerQuest can be reached at:

© PowerQuest Corporation 2002. All rights reserved. U.S. Patent 6,092,163; other patents pending in the U.S.A. and elsewhere. PowerQuest is a registered trademark of PowerQuest Corporation in the U.S.A. and elsewhere. PowerQuest PowerExpert is a trademark of PowerQuest Corporation. All other brand and product names are the property of their respective owners.