IBM Support

CPM Automatic Updates - Manual Setup Process

Technote (troubleshooting)


Problem(Abstract)

The following process can be used to manually setup CPM automatic updates.

Resolving the problem

CPM Auto Update Manual Setup

CPM Automatic Updates - Manual Setup Process

The following is the manual setup process for automatic updates for CPM.  These steps are identical to the actions carried out by the CPMAutoUpdateSetup script described in KB Article -

Generate Custom CPM operator


There are two ways to do this:

Using the ESP AdminTool GUI:
  1. Navigate to: Start > All Programs > Trend Micro Endpoint Security Platform > ESP Administration Tool.
  2. Choose User management tab > Add User.
  3. Input username/password.
  4. Uncheck "Give this user the ability to administer management rights".
  5. Click OK.

Or ...


From the command line:

Version 7.2
Change directory "C:\Program Files\BigFix Enterprise\BES Server\BESAdmin\"

Version 8.0+
Change directory "C:\Program Files\Bigfix Enterprise\BES Server\"

Syntax:

BESAdmin.exe /createUser:<UserName> /userPassword:<UserPassword> /userKeysOutputFolder:<UserLicenseFolder> /userEmail:<UserEmail> /masterOp:<MasterOperator?(yes/no)> /customContent:<CustomContent?(yes/no)> /sitePassword:<SiteLevelPassword> /sitePvkFile:<SiteLevelPrivateKeyFile(.pvk)>

Example:

BESAdmin.exe /createUser:cpm_admin /userPassword:trendmicro /userKeysOutputFolder:"C:\Console keys" /userEmail:cpm_admin@trendmicro.com /masterOp:no /customContent:yes /sitePassword:ESP_SITE_PASSWORD /sitePvkFile:"C:\site keys\license.pvk"


Set CPM Server Registry Values

After creating "cpm_admin" user, modify the following corresponding registry values with the input parameters used.
Store operator user/password registry example

[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\CPM\server]
"PropagationUser"="cpm_admin"
"PropagationPassword"="trendmicro"
"CredentialsPVK"="C:\\Program Files\\BigFix Enterprise\\TrendMirrorScript\\Credentials\\publisher.pvk"


Copy CPM operator propagation credentials to TrendMirrorScript home directory

  • TrendMirrorScript will use the custom CPM operator's credentials to propagate new pattern file information to the custom CPM auto-update site
  • When creating a new operator using BESAdmin.exe, operator credentials are saved to the folder specified with the parameter /userKeysOutputFolder:<UserLicenseFolder>
  • In the example above, this is folder [C:\Console keys]
  • Copy the folder [C:\Console keys] to [C:\Program Files\BigFix Enterprise\TrendMirrorScript\]
  • After the folder is copied, rename the folder [C:\Program Files\BigFix Enterprise\TrendMirrorScript\Console keys] to [C:\Program Files\BigFix Enterprise\TrendMirrorScript\Credentials]


Create custom CPM Site and authorize propagation credentials for custom CPM operator

The next part is to create custom site and authorization. From the command prompt change to directory [C:\Program Files\BigFix Enterprise\TrendMirrorScript] for BES Client 7.2 or [C:\Program Files\BigFix Enterprise\ BES Server] for BES Client 8.0+ and run PropagateFiles.exe to create the authorization that lets users write to the custom site.
Note:The following must be done using an Administrator user with elevated privileges. For example,on Windows 2008 the program must be invoked with elevated privileges or using the "Runas Administrator" option.

Syntax:

PropagateFiles.exe CreateFileOnlyCustomSiteUserAuthorization <site admin pvk> <site admin password> <dsn> <operator name> <operator password> <site name>

Example:

PropagateFiles.exe CreateFileOnlyCustomSiteUserAuthorization "C:\site keys\license.pvk" "ESP_SITE_PASSWORD" "bes_bfenterprise" "cpm_admin" "trendmicro" "FileOnlyCustomSite_CPMAutoUpdate"


IMPORTANT: Keep the following input parameters the same

DSN = bes_bfenterprise
Site Name = FileOnlyCustomSite_CPMAutoUpdate

Successfully completing the setup process will generate the propagation authorization file [C:\Program Files\BigFix Enterprise\TrendMirrorScript\FileOnlyCustomSiteAuthorization_CPMAutoUpdate] for BES Client 7.2 or [C:\Program Files\BigFix Enterprise\ BES Server\FileOnlyCustomSiteAuthorization_CPMAutoUpdate] for BES Client 8.0+ and indicate that automatic update has been configured.

Historical Number

825

Document information

More support for: IBM BigFix family

Software version: All Versions

Operating system(s): Platform Independent

Reference #: 1506160

Modified date: 22 December 2011


Translate this page: