Compaq PATHWORKS for OpenVMS
Server Installation and Configuration Guide

3.5 How to Change Default Configuration Settings

After you exit the Configuration Manager, the configuration procedure displays a list of server configuration settings and a prompt that lets you change them; for example:

Advanced Server for OpenVMS is presently configured to run as follows: 1. Run the License Server: NO 2. Enable Timesource service: NO 3. Enable Alerter service: YES 3a. Alert user names: Administrator 4. Enable Netlogon service: YES 5. Advanced Server domain: LANGROUP 6. Advanced Server role: PRIMARY 7. Advanced Server computer name: COBRAZ 7a. Advanced Server OpenVMS Cluster alias: COBRAZ_ALIAS 8. Server announce comment: PATHWORKS V6.1 for OpenVMS Enter item number, or RETURN to use these values [DONE]:

To change a server configuration setting, enter the number of the setting you want to change. A prompt is then displayed that lets you change that setting. Table 3-2, Configuration Settings, describes possible values for each setting.
To save the settings after you complete your changes or to accept the settings displayed, press the Return key to use the default answer DONE. For more information about server configuration, refer to the Compaq PATHWORKS for OpenVMS (Advanced Server) Server Administrator's Guide.

Table 3-2 Configuration Settings
Setting Possible Values

1. Run the License Server: YES, to run the License Server.
NO, to use the default and not run the License Server.

2. Enable Timesource service: YES, to enable the Timesource service.
NO, to use the default and not enable the Timesource service.

3. Enable Alerter service: YES, to accept the default and enable the Alerter service.
NO, to disable the Alerter service.

3a. Alert user names: ¹ A comma-delimited list of user names (each containing up to 20 characters), who can receive alert messages.

4. Enable Netlogon service: ² YES, to accept the default and enable the NetLogon service.
NO, to disable the NetLogon service.

5. Advanced Server domain: A domain name of up to 15 characters.
Press the Return key to use the default. The default domain name is LANGROUP. You can specify a name that reflects your company or group.

6. Advanced Server role: PRIMARY, to designate the server as the PDC
BACKUP, to designate the server as a BDC
MEMBER, to designate the server as a member server.
For more information on configuring the domain role, see Section 3.6, Configuring the Advanced Server Domain Role.

7. Advanced Server computer name: A computer name of up to 15 characters.
Press the Return key to use the default. If this is the first time running the configuration procedure, the default is your system's SCSNODE name.

7a. Advanced Server OpenVMS Cluster alias: ³ The Advanced Server cluster alias for the OpenVMS Cluster to which your server belongs.
Press the Return key to use the default. If DECnet is configured to run, the default is the DECnet cluster alias. If DECnet is not configured to run, the default is nodename_ALIAS.

8. Server announce comment: A text string of up to 48 characters that the server uses to announce its presence on the network. Do not use the following characters:

" / \ [ ] : ; | = , + * ? < >
Enclose any other nonalphanumeric characters in quotation marks.
Press the Return key to use the default.

**Table 3-2 Configuration Settings**
Setting	Possible Values
1. Run the License Server:	YES, to run the License Server. NO, to use the default and not run the License Server.
2. Enable Timesource service:	YES, to enable the Timesource service. NO, to use the default and not enable the Timesource service.
3. Enable Alerter service:	YES, to accept the default and enable the Alerter service. NO, to disable the Alerter service.
3a. Alert user names: ¹	A comma-delimited list of user names (each containing up to 20 characters), who can receive alert messages.
4. Enable Netlogon service: ²	YES, to accept the default and enable the NetLogon service. NO, to disable the NetLogon service.
5. Advanced Server domain:	A domain name of up to 15 characters. Press the Return key to use the default. The default domain name is LANGROUP. You can specify a name that reflects your company or group.
6. Advanced Server role:	PRIMARY, to designate the server as the PDC BACKUP, to designate the server as a BDC MEMBER, to designate the server as a member server. For more information on configuring the domain role, see Section 3.6, Configuring the Advanced Server Domain Role.
7. Advanced Server computer name:	A computer name of up to 15 characters. Press the Return key to use the default. If this is the first time running the configuration procedure, the default is your system's SCSNODE name.
7a. Advanced Server OpenVMS Cluster alias: ³	The Advanced Server cluster alias for the OpenVMS Cluster to which your server belongs. Press the Return key to use the default. If DECnet is configured to run, the default is the DECnet cluster alias. If DECnet is not configured to run, the default is nodename_ALIAS.
8. Server announce comment:	A text string of up to 48 characters that the server uses to announce its presence on the network. Do not use the following characters: " / \ [ ] : ; \| = , + * ? < > Enclose any other nonalphanumeric characters in quotation marks. Press the Return key to use the default.

¹Displayed only if Alerter service is enabled.
²Compaq recommends that the NetLogon service always be enabled, even on a member server.
³Displayed only in an OpenVMS Cluster.

3.6 Configuring the Advanced Server Domain Role

Depending on the domain type, the Advanced Server can participate in a domain as the PDC, a BDC, or a member server.

The Advanced Server may participate in three kinds of domains:

Windows NT domains, in which Advanced Servers can participate as a PDC, BDCs, and member servers.
Windows 2000 mixed-mode domains, which are domains that include both Windows 2000 domain controllers and Windows NT or Compaq Advanced Server domain controllers; Advanced Servers can participate as BDCs and as member servers.
Windows 2000 native-mode domains (also referred to as pure Windows 2000 domains), which are domains in which all domain controllers are Windows 2000 systems; Advanced Servers can participate as member servers only.

Table 3-3, Advanced Server Roles in Different Domain Types, lists for each type of domain the roles the server can take.

Table 3-3 Advanced Server Roles in Different Domain Types
Domain Type PDC BDC Member Server

Windows NT X X X

Windows 2000 mixed mode X X

Windows 2000 native mode X

**Table 3-3 Advanced Server Roles in Different Domain Types**
Domain Type	PDC	BDC	Member Server
Windows NT	X	X	X
Windows 2000 mixed mode		X	X
Windows 2000 native mode			X

Each Windows NT domain must have one PDC. The PDC stores the domain's master copy of the security accounts database.

When you install the Advanced Server to create a new Windows NT domain, the new server becomes the PDC by default. When you install server software and specify an existing domain name, the server can join the existing domain only as a BDC or member server.

A domain does not require BDCs, but one or more are recommended. A BDC keeps a copy of the domain's master security accounts database. The copy of the security accounts database stored on BDCs is synchronized with the PDC's master database. In this way, PDCs and BDCs can validate logon requests in the domain.

A member server does not store a copy of the domain's security accounts database and does not validate logon requests. Member servers rely on domain controllers to validate credentials of users requesting access to member server shares. The advantages of configuring the Advanced Server as a member server are listed in Section 3.6.1, Configuring the Advanced Server as a Member Server.

In an OpenVMS Cluster, all nodes on the cluster must have the same role. If you change the role of one node, the other nodes are automatically changed to that role.

When you configure the Advanced Server for the first time, you select the role your server will perform in the domain. At times you may need to change the role of your server. The method you use to change the server depends on the current role of the server and the role to which you want to change it. To change the role of the server from a BDC to a PDC, or from a PDC to a BDC, use the ADMINISTER SET COMPUTER/ROLE command. To change a server BDC to a member server, you must use PWRK$CONFIG.COM, as explained in Section 3.6.1, Configuring the Advanced Server as a Member Server. To change a PDC to a member server, you must first promote another BDC to a PDC; then the original PDC is demoted automatically to a BDC, after which you can use PWRK$CONFIG.COM to change it to a member server. Use PWRK$CONFIG.COM also to change a member server to a BDC. (This restriction is similar to but less restrictive than that of Windows NT, which requires the operating system to be reinstalled to change a domain controller to a member server, or vice versa.) For more information on changing the role of the server from a BDC to a PDC, or vice versa, refer to the Compaq PATHWORKS for OpenVMS (Advanced Server) Server Administrator's Guide. Table 3-4, Methods for Changing Server Roles, summarizes which role changes are allowed and disallowed by PWRK$CONFIG.COM.

Table 3-4 Methods for Changing Server Roles
From: To: Method

BDC PDC Use ADMINISTER SET COMPUTER/ROLE command to promote the BDC to a PDC.

BDC Member Use PWRK$CONFIG.COM.

Member PDC Use PWRK$CONFIG.COM to change this server to a BDC, and then use the ADMINISTER SET COMPUTER/ROLE command to promote the BDC to a PDC.

Member BDC Use PWRK$CONFIG.COM.

PDC BDC Use ADMINISTER SET COMPUTER/ROLE to promote a BDC in the domain to PDC; this promotion demotes the original PDC to a BDC.

PDC Member Use ADMINISTER SET COMPUTER/ROLE to promote an existing BDC to a PDC; this promotion demotes the PDC to a BDC so that you can change it to a member server, using PWRK$CONFIG.COM.

**Table 3-4 Methods for Changing Server Roles**
From:	To:	Method
BDC	PDC	Use ADMINISTER SET COMPUTER/ROLE command to promote the BDC to a PDC.
BDC	Member	Use PWRK$CONFIG.COM.
Member	PDC	Use PWRK$CONFIG.COM to change this server to a BDC, and then use the ADMINISTER SET COMPUTER/ROLE command to promote the BDC to a PDC.
Member	BDC	Use PWRK$CONFIG.COM.
PDC	BDC	Use ADMINISTER SET COMPUTER/ROLE to promote a BDC in the domain to PDC; this promotion demotes the original PDC to a BDC.
PDC	Member	Use ADMINISTER SET COMPUTER/ROLE to promote an existing BDC to a PDC; this promotion demotes the PDC to a BDC so that you can change it to a member server, using PWRK$CONFIG.COM.

Caution

If you reconfigure a BDC as a member server, PWRK$CONFIG.COM automatically removes the domain controller's domain user account database.

If you reconfigure a member server to a BDC, PWRK$CONFIG.COM automatically removes the member server's local user account database.

In either case, because of loss of local group information, access to some resources might be affected. If resource permissions have been set using local groups, those permissions will have to be reset. If resource permissions have been set using global groups or global user accounts, those permissions will remain in effect after the role change.

3.6.1 Configuring the Advanced Server as a Member Server

Use the PWRK$CONFIG.COM configuration procedure to configure the Advanced Server to participate in a domain as a member server. You cannot use the ADMINISTER SET COMPUTER/ROLE command to change an Advanced Server domain controller to a member server role or to change a member server to a domain controller role.

You can configure the Advanced Server as a member server if it is joining an existing domain that has a PDC in operation.

You may want to configure your Advanced Server as a member server instead of a BDC (or PDC) for any of the following reasons:

Member servers do not spend time validating logon requests. Thus, this role can be a good choice for servers that have heavy workloads or that perform extremely time-critical tasks.
More important, configuring one or more servers as member servers rather than as domain controllers can help decrease the network load, thereby eliminating network traffic normally generated by domain controllers for replicating user databases and for authenticating logon requests. When a client attempts to find a logon server to authenticate a request, all domain controllers respond to the request. In some environments, this can generate a significant load on the network.
Configuring the Advanced Server as a member server allows the Advanced Server to participate in a Windows 2000 native-mode environment without interruption to that environment.
If in the future your PATHWORKS Advanced Server server is moved to a different domain, it is simpler to move it as a member server from one domain to another than to move it as a BDC.

The next two sections explain how to configure the Advanced Server as a member server: Section 3.6.1.1, Configuring a New PATHWORKS Advanced Server as a Member Server, and Section 3.6.1.2, Configuring an Existing PATHWORKS Advanced Server BDC As a Member Server.

3.6.1.1 Configuring a New PATHWORKS Advanced Server as a Member Server

While installing a new PATHWORKS Advanced Server in an existing domain, you can configure it as a member server during the PWRK$CONFIG.COM configuration procedure. The domain must include one active PDC.

The following PWRK$CONFIG.COM output shows how a new PATHWORKS Advanced Server server might be configured as a member server. As shown, you must first specify an existing domain (in this case, UPTIME). This example assumes the UPTIME domain is a Windows 2000 native-mode domain that already has one or more domain controllers.

Reading current configuration parameters ... Your Advanced Server for OpenVMS is presently configured to run as follows: 1. Run the License Server: NO 2. Enable Timesource service: NO 3. Enable Alerter service: YES 3a. Alert user names: Administrator 4. Enable Netlogon service: YES 5. Advanced Server domain: LANGROUP 6. Advanced Server role: PRIMARY 7. Advanced Server computer name: GRATDA 7a. Advanced Server OpenVMS Cluster alias: GRATDA_ALIAS 8. Server announce comment: PATHWORKS V6.1 for OpenVMS Enter item number, or RETURN to use these values [DONE]: 5 [Return] ************************* W A R N I N G **************************** You chose item number 5 from the menu. Changing the domain name will cause the existing SAM databases to be RE-INITIALIZED resulting in the loss of any data currently in these databases (for example, user accounts, group names, etc). ******************************************************************** Do you want to continue with item number 5 (Y/[N]) Y [Return] An Advanced Server domain is a collection of computers that share a common security database and policy. Each domain has a unique name. A network can have many domains. The Advanced Server domain name can be up to 15 characters long. The domain name must be different than the computer name. Enter Advanced Server domain name for this system [LANGROUP]: UPTIME [Return] . . . Enter item number, or RETURN to use these values [DONE]: 6 [Return] The Advanced Server role is the part the server will play in its domain. A primary domain controller maintains the domain's master user accounts database and validates logins. A backup domain controller receives copies of the master database, validates logins, and can be promoted to primary. A member server does not receive copies of the master database or validate logins. It relies on domain controllers to validate user credentials. Enter the role of this server (P)rimary/(B)ackup/(M)ember [P]: M [Return] Before joining a domain, the computer must be added to the domain. This can be done in one of two ways: - the administrator of the domain uses the administrative tools to add this computer to the domain, or - the computer is added automatically by this procedure; you must supply an administrator account and password Are you going to supply account/password information [Y]/N YES [Return] Enter the name of the primary domain controller for domain UPTIME: SUNDA [Return] Enter the name of the administrator account: [Administrator] [Return] Enter the account password in the required case: [Return] Re-enter to verify password: [Return] Process NETBIOS created with identification 206010B5 Process PWRK$NBDAEMON created with identification 206010B7 Process PWRK$KNBDAEMON created with identification 206010B9 Confirming domain name with SUNDA ... Successfully retrieved domain name from SUNDA. Validating user name and password... Successfully validated user name and password. PATHWORKS V6.1 for OpenVM is presently configured to run as follows: 1. Run the License Server: NO 2. Enable Timesource service: NO 3. Enable Alerter service: YES 3a. Alert user names: Administrator 4. Enable Netlogon service: YES 5. Advanced Server domain: UPTIME 6. Advanced Server role: MEMBER 7. Advanced Server computer name: GRATDA 7a. Advanced Server OpenVMS Cluster alias: GRATDA_ALIAS 8. Server announce comment: PATHWORKS V6.1 for OpenVMS Enter item number, or RETURN to use these values [DONE]: [Return] Saving parameters ... Creating SAM datafiles... Creating sharefile PWRK$LMROOT:[LANMAN.DATAFILES]SHAREDB ... New sharefile has been created. ADMIN$ added IPC$ added PWUTIL added PWLICENSE added PWLIC added The Advanced Server Administrator account is used to administer the server. The Administrator account is mapped by default to the OpenVMS SYSTEM account. The Administrator account password can be up to 14 characters long and the case of the characters used will be preserved. Enter a password for this Member Server's local Administrator account: [Return] Re-enter to verify password: [Return] Changing password for Administrator account... Checking system resources... . . .

3.6.1.2 Configuring an Existing PATHWORKS Advanced Server BDC As a Member Server

When you configure a BDC to become a member server, the script is similar to the one for configuring a new server as a member server. One exception is that the script will display the following lines:

Changing from backup domain controller to member server results in the re-creation of the Advanced Server SAM databases. If there is any problem with the configuration, your existing SAM databases will be restored.

The BDC's domain-wide account database is removed, and the member server's local database is created. Server-specific data is retained from the BDC's database. The configuration procedure saves the domain-wide account database in case you need to restore it later (for more information, see Section 3.7.2, If Problems Occur When Reconfiguring the Advanced Server).

The following two displays show the role of server LIONHEART before and after reconfiguration to the member server role. The display symbol for a member server is [SV].

LANDOFOZ\\TINMAN> SHOW COMPUTERS Computers in domain "LANDOFOZ": Computer Type Description ------- ------------------------ ----------------------------- [PD] TINMAN OpenVMS (NT 3.51) Primary PATHWORKS V6.1 for OpenVMS (Advanced Server) [BD] LIONHEART OpenVMS (NT 3.51) Backup PATHWORKS V6.1 for OpenVMS (Advanced Server) [BD] DOROTHY OpenVMS (NT 4.0) Backup Advanced Server V7.3 for OpenVMS Total of 3 computers [reconfigure server role] . . . LANDOFOZ\\TINMAN> SHOW COMPUTERS Computers in domain "LANDOFOZ": Computer Type Description ------- ------------------------ ----------------------------- [PD] TINMAN OpenVMS (NT 3.51) Primary PATHWORKS V6.1 for OpenVMS (Advanced Server) [SV] LIONHEART OpenVMS (NT 3.51) Server PATHWORKS V6.1 for OpenVMS (Advanced Server) [BD] DOROTHY OpenVMS (NT 4.0) Backup Advanced Server V7.3 for OpenVMS Total of 3 computers

3.7 Troubleshooting Configuration Procedure Problems

The following sections describe:

How to ensure sufficient resources will be available to support clients
How to recover if problems occur when reconfiguring the Advanced Server

3.7.1 Ensuring Sufficient Resources to Support Clients

PATHWORKS Advanced Server requests the resources that it needs using the OpenVMS AUTOGEN utility. If AUTOGEN underestimates the resources required for use by processes other than PATHWORKS Advanced Server, and these resources have already been consumed when PATHWORKS Advanced Server is started, there may be insufficient resources left for PATHWORKS Advanced Server to support the desired number of clients.

To ensure sufficient resource allocation to support clients, make sure that all software that will run concurrently with PATHWORKS Advanced Server is installed and started before you run the PATHWORKS Advanced Server configuration procedure. If TCP/IP is selected as a transport, make sure that the TCP/IP product is loaded before you run the PWRK$CONFIG.COM procedure.

After you successfully configure the PATHWORKS Advanced Server, it may not start, reporting that there are insufficient resources to support any clients. In this case, examine the following file to determine the system resource that needs to be increased (nodename is the name of the server node):

PWRK$LOGS:PWRK$CONFIG_ERROR_node.LOG

To increase the resource allocation, make the appropriate modifications to the MODPARAMS.DAT file and then run AUTOGEN. Refer to Chapter 1, Before You Install PATHWORKS Advanced Server, for more information about the requirements for system parameter settings.

3.7.2 If Problems Occur When Reconfiguring the Advanced Server

If you reconfigure a previously configured server, the PWRK$CONFIG.COM command procedure creates subdirectories in the PWRK$LMDOMAINS: and PWRK$LMDATAFILES: directories, and stores the original accounts database files there.

The names of the subdirectories are based on the date and time, such as 16JUN20014314818.DIR, indicating that the directory was created on 16-JUN-2000 at approximately 2:32 p.m.

If an error occurs during configuration, the server configuration will be returned to its original state. After you are confident you have a successful reconfiguration, you can manually delete these subdirectories and their contents.

3.8 The Advanced Server Network Adapter

PATHWORKS might need to use the network to communicate with the PDC. If the system has more than one network adapter (also referred to as a network interface card), the default adapter chosen by PATHWORKS might not be the correct interface. Or, on some newer systems, the Advanced Server might not recognize the only network adapter present. In such cases, you can define system logical names to direct the Advanced Server to use a specific interface. If no such logical is defined, PATHWORKS selects the first adapter (alphabetically) defined on your system from a list of known adapters.

If the server has access to more than one network adapter and you do not want to use the adapter selected, or if the system has a network adapter that is not found or recognized by the Advanced Server, you can manually specify the network adapter to use with the transport you specified.

Contents

Index

Compaq PATHWORKS for OpenVMSServer Installation and Configuration Guide