I believe we had somewhat of the same issue where the Application server would not start. Try modifying your users.local file and add the following entry:
I hope this helps resolve your issue.
Yep, I just got off a WebEx with BMC and adding the System:System entry into the users.local file was one way to fix the problem.
The other way is to comment out the nousers line in the users file. I'm still not sure why this needs to be done if bladmin is in the users.local file and that is the local account that is starting up the appserver. I would think this would override anything in the users file. Maybe someone else on here can answer that for me.
the 'BLAdmins:BLAdmin' user in the users.local file is a BladeLogic user, not the local unix system account user that the appserver runs as. ('bladmin')
the 1st connection the appserver makes comes across as 'System:System' which is why you would need that entry. so if that entry isn't there, and the 'nouser' entry is in the users file, the file server agent doesn't know what to do w/ 'System:System' and the 'nouser' tells the agent to ignore anything it doesn't know about.
so the problem w/ the agent on the 'file server' system is that you want to use it as both the 'file server' and a normal agent to manage the OS of that system.
for the file server bit you would typically do a user mapping in the exports file, and never push acls to it. but to manage the OS of the box, you'd want to push acls to it, but then you run into problems w/ the file permissions of files in the depot directory.
if you want to use it as a file server and use the agent on it to manage the system you should install 2 agents on it (unix only though).
i can post more about that if you want, it's a little more complicated, but more secure.
Thanks Bill, that makes sense. I didn't see this post earlier because I don't think the "watch" function is working on the forums anymore (at least for me it isn't).
I didn't realize you could load two agents on one machine... definitely good to know though. In this case, I don't think we would want to absorb the cost of using two agents on here because it is only for our test environment and isn't heavily used and is only accessed by a few people, so adding them into the users.local would probably be fine.
the email notifications were broken a while back, something happened on the server...anyway...
i can't speak to licensing cost, but on unix systems we typically recommend taking the 2 agent approach.
Gotcha.... I guess they're back up and running now since I got the notification.
If you can post or email me the details behind having two agents that would be a big help.
it's a little rough, so there may be omissions, but the attached should outline the process.
i believe in 8.0 we're dealing w/ the underlying issue here so by then we should be able to go back to 1 agent on the 'file server'..
two_agents_one_host.pdf 241.0 K
How do you guys see this on a Windows system?
You can't do this on windows.
If I understand correctly: you cannot have a secure Application Server on Windows? You always have to open it up for everyone?
Or is my idea incorrect?
On windows you have the following options:
1 - everyone is mapped to an administrator user, anyone has the potential to manage the system
2 - everyone is mapped to a non-privledged user that owns only the 'file server' files, no one can manage the server
3 - some people are mapped to an administrator, some people are not mapped to anyone, you have alot of problems deploying packages.
on windows i would say go w/ option #2 for the 'file server'. that said, it's possible to configure permissions on the ntfs file system such that permissions are inherited so you could probably map everyone to 'blfsuser' (the non-privledged account) and put a line in users.local to override and map your server admins to an administrative account.
this is a known issue and it will be addressed in the product, but I don't have a timeline for that.