IBM Support

Tivoli Framework Patch 4.1.1-LCF-0076

Downloadable files


4.1.1-LCF-0076 is a patch for endpoints. Although this is a 4.1.1 endpoint patch, it can be installed on 3.7B or later systems to allow for subsequent endpoint upgrades.

Download Description

Please see the download package for the full Readme.

Patches superseded by this patch:


New fixes in 4.1.1-LCF-0076 (includes fixes from 4.1.1-LCF-0062LA, 4.1.1-LCF-0069LA, 4.1.1-LCF-0070LA, 4.1.1-LCF-0071LA, 4.1.1-LCF-0072LA, and 4.1.1-LCF-0073LA):

Internal CMVC defect 167861
Symptoms: The uninst.bat script in the lcf installation directory
does not work successfully when the endpoint has been installed
with Mirosoft Windows Installer package (EpLaunch.msi). The script
fails with the following error message:
The InstallShield Engine (iKernel.exe) could not be installed.
The system cannot find the file specified.

Internal CMVC feature 257773, Enhancement request MR041410129
Symptoms: Provide support for Windows UAC (User Account Control) on
Windows Vista or later. For this feature, the lcfd service needs to
run with the SYSTEM account.

Internal CMVC defect 260852
Symptoms: Endpoint installation fails on Windows domain controller
if the Tivoli_Admin_Privileges group or the tmersrvd account already
exists on the domain.

Internal CMVC feature 261761
Symptoms: Enables the "arg_escape_disable" function to work when
the includes special characters.

Internal CMVC defect 263901
Symptoms: The dependency check of the software packages can fail
during software distributions to solaris2 endpoints with the
following error message:
TivLoadLibrary() dlopen () ==> ' spd_eng: fatal:
relocation error: file
symbol __umoddi3: referenced symbol not found'

Internal CMVC defect 264239
Symptoms: On Windows Vista or later, a window of cscript.exe shows
up during software distribution when cscript.exe is specified as
the executable of the Execute Program action and the
user_input_required option is set in the software package.

Internal CMVC defect 268654
Symptoms: Tasks do not work on Windows endpoints when the LCF patch
levels are different from the gateway. This issue occurs when the
following LA patches are applied only to the gateway and the
endpoints are not upgraded to the patch levels:

APAR IZ68408
Symptoms: With "arg_escape_disable=1" parameter, some .bat files
remain in %systemroot%\temp directory if lcfd service is terminated
while tasks or processes spawned are running.
After this fix, a sub-folder of which name starts with "LCF" is
created in %systemroot%\temp directory. The sub-folder will have
an ACL to permit the local "tmersrvd" user to READ inside of it.
Note: This patch needs to be applied to both gateways and endpoints
for this feature.

APAR IZ72551
Symptoms: TecWinAdapter leaks non-paged-Pool value if network cable
is unplugged and local_ip_interface=IP_ADDRESS is defined in the
last.cfg. When the NP-Pool is increased, EIF trace may have messages
similar to:
Mar 01 17:25:04.937000 tec_ed[1216] TR2 lcf_imp.c:731: Upcall to
TecGateway for @EventServer
Mar 01 17:25:04.952000 tec_ed[1216] TR2 lcf_imp.c:750: upcall
system exception
Mar 01 17:25:04.952000 tec_ed[1216] WNG lcf_imp.c:751: Exception:
[../../src/comm/netio.c:585 [cti_create_server] : loc=3, cls=2,
dec=999, sys=10049, tli=0, evt=0] <=== HERE!
Mar 01 17:25:04.952000 tec_ed[1216] TR1 lcf_imp.c:767: Upcall
Exceptioned to TecGateway for @EventServer

APAR IZ74770
Symptoms: The lcfd.bk exceeds its size limit and the top of the
lcfd.bk is filled with null characters when multiple lcfd.log
rollovers occur simultaneously.

APAR IZ75036
Symptoms: Tasks which spawn a shell (.sh) script do not work with
the "arg_escape_disable=1" parameter.

APAR IZ90238
Symptoms: Security vulnerability.

APAR IZ96014
Symptoms: After upgrading with the LCF SPB files, the LCF files and
binaries have unknown owner and group ids.

APAR IZ97225
Symptoms: Turning on User Account Control (UAC) setting will effect
Tivoli functioning well.

Installation Instructions

Applying the Patch:

1) Extract the patch:

On a Unix system:

Extract the contents into a scratch directory. For the purpose
of this release note, assume that the symbol $PATCH points to
this directory.

# cd $PATCH
# tar xvf 4.1.1-LCF-0076.tar

On a Windows system:

Extract the contents into a scratch directory. For the purpose
of this release note, assume that the symbol %PATCH% points to
this directory.

> %SystemRoot%\system32\drivers\etc\Tivoli\setup_env
> X:
^-- 'X' is drive letter where %PATCH% is found
> cd %PATCH%
> tar xvf 4.1.1-LCF-0076.tar

NOTE: If you are extracting the tar image on a Windows
system, you will find an executable for tar in the TME
installation on Windows under bin/w32-ix86/tools/tar.exe.

2) If this patch is to be installed on a release level of 3.6 or
greater, follow these instructions for using Software
Installation Service (SIS). If not, skip to step 3 below.

NOTE: SIS can install Tivoli products on any hardware
platform supported by Tivoli, but there are some
hardware platforms on which SIS cannot be run. Please
check your SIS User's Manual for the list of platforms
on which SIS can be run.

NOTE: You must have the install_product and super authorization
roles to successfully install this patch.

a) From the Tivoli Desktop, pull down
Desktop --> Install --> Software Installation Service.
b) SIS will initialize, and bring up the Get Installation
Password Dialog. Enter your Installation Password.
c) Click the Install Button on the dialog which contains
the Tivoli image.
d) Click the Select Product Button on the Install Spreadsheet
e) Click the Import Product Button on the Select Product
f) Locate the media to 4.1.1-LCF-0076 using the file browser,
and select the PATCHES.LST file by double-clicking it.
g) Select 4.1.1-LCF-0076 in the Import Product Dialog, and
click the Import Button.
h) When the import is complete, click the OK Button on the
Global Progress Dialog.
i) Select 4.1.1-LCF-0076 in the Select Product Dialog, if it
is not already selected, and click the OK Button.
j) Now click the Select Machine Button on the Install
Spreadsheet Dialog.
k) Select the machine(s) you would like to install
4.1.1-LCF-0076 on and click the OK Button.
l) Click the appropriate cell(s) in the Install Spreadsheet
Dialog. (NOTE: This should yield an "X" in the cell(s)
for the machines you want to install 4.1.1-LCF-0076 to).
m) Click the Install Button.
n) Select the install algorithm you want to use on the
Installation Algorithm Dialog, and click OK.
o) SIS will perform the installation(s) you designated
in the Install Spreadsheet Dialog.
p) Installation is complete. Check the Additional
Installation Instructions section below.

3) Use the following steps to install the patch using the Tivoli
GUI install mechanism.
NOTE: You must have the install_product and super authorization
roles to successfully install this patch.

a) Select the "Install -> Install Patch..." option from the
"Desktop" menu to display the "Install Patch" dialog.
b) Press the "Select Media..." button to display the "File
Browser" dialog.
c) Enter the path to the directory containing the patch,
$PATCH, in the "Path Name:" field.
d) Press the "Set Media & Close" button to return to the
"Install Patch" dialog.
e) The patch install list now contains the name of the patch.
Select the patch by clicking on it.
f) Select the clients to install this patch on. This patch
needs to be installed on gateway machines.
g) Press the "Install" button to install the patch.

Additional Installation Instructions:

This patch upgrades the endpoints from earlier versions to version
41176. In order to upgrade your endpoints:

1) Make sure the endpoint has logged into the TMR.

2) Verify that the endpoint has logged in by using the "wep ls"

3) Before the upgrade, do:

wadminep <ep_name> view_version

The version number returned should be a value less than 41176,
depending on which other patches affecting endpoint code have
been applied.

4) For Framework 4.1 or 4.1.1, perform step 4a) below. For Framework
3.7 or 3.7.1, perform step 4b) below.

4a) (Framework 4.1 / 4.1.1) From the Tivoli region server or the
gateway that the endpoint is logged into, enter the following

wepupgd <ep_name>

NOTE: For Framework 4.1, the wepupgd command will upgrade the
endpoint to the 4.1 binaries in lcf_bundle.41000 by default,
and not to the 4.1.1 binaries in lcf_bundle.41100. To upgrade
an endpoint to the 4.1.1 binaries in lcf_bundle.41100, the
path to the lcf_bundle.41100 directory should be specified on
the wepupgd command. For example,

wepupgd -p <path to lcf_bundle.41100> <ep_name>

4b) (Framework 3.7 / 3.7.1) From the Tivoli region server or the
gateway that the endpoint is logged into, enter the following

wadminep <ep_name> upgrade

NOTE 1: The wadminep command will use binaries from the
machine on which the upgrade command is executed. So, for
example, if wadminep is executed on a Tivoli region server
and the endpoint's gateway is a different machine, then the
binaries on the Tivoli region server (not the endpoint's
gateway) will be used for the upgrade.

NOTE 2: For Framework 3.7 / 3.7.1, the wadminep command will
upgrade the endpoint to the 3.7.1 binaries in lcf_bundle.40
by default, not to the 4.1.1 binaries in lcf_bundle.41100.
To upgrade an endpoint to the 4.1.1 binaries in
lcf_bundle.41100, the path to the lcf_bundle.41100 directory
should be specified on the wadminep command. For example,

wadminep <ep_name> upgrade <path to lcf_bundle.41100>

5) After the upgrade, do:

wadminep <ep_name> view_version

It should return a 41176.


This patch contains the Windows library TivoliAP.dll. Since
TivoliAP.dll may already be in use by Windows, the Windows system
must be rebooted after an upgrade (or a new installation where an
older version of TivoliAP.dll was in use) so that this new version
of TivoliAP.dll will be loaded into memory. If you do not reboot,
then Windows will continue to use the older TivoliAP.dll that was
previously loaded.

(The TivoliAP.dll being replaced is used by the Windows security
service. Due to this library being locked, we must follow the
Microsoft solution for handling locked libraries. This solution
dictates that we must reboot the Windows system to allow the locked
library to be replaced at boot time.)

Note: The version of TivoliAP.dll supplied in this patch is the same
as the version (28) supplied 4.1.1-LCF-0040LA except for timestamp
information, but is different from all earlier endpoint versions.
Thus, if you are upgrading from 4.1.1-LCF-0040LA (or later) to this
patch, then it is not necessary for the Windows endpoints to be
rebooted. For earlier endpoint versions, however, there is no
problem in continuing to run with an older version of TivoliAP.dll
on Windows except that certain fixes will not be available. Thus,
this endpoint reboot does not have to be done when an endpoint is
upgraded and can be deferred until a later time.


Installing Components using Software Package Blocks (SPBs)

Before installing images from software package blocks, the Software
Distribution version 4.1 (or later) component of IBM Tivoli
Configuration Manager must be deployed. (Software Distribution
version 4.0 is not supported.) To install an image from a software
package block (SPB) to an existing endpoint, perform the following

1) From the Tivoli desktop, double-click the appropriate policy
region icon to display the Policy Region window.
2) In the Policy Region window, double-click the appropriate
profile manager icon to display the Profile Manager window.
3) Select Profile from the Create menu to display the Create
Profile window.
4) Create a software package profile.
5) Right-click the new software package profile and select Import
to display the Import window.
6) In the Location of Input File group box, select Managed Node
from the drop-down list.
7) Click the Browse (...) button to display the Select Input File
8) In the Select Input File window, perform the following steps:
a) In the Managed Node list, select the machine where tar file
was extracted.
b) In the Input File Path list, select the 411LCF76/SPB
c) Select the image to import.
d) Click Set File & Close to return to the Import window.
9) In the Location of Source Host group box, perform the following
a) Ensure that the Build check box is selected.
b) In the Source Host Name text box, type the source host name.
c) In the SPB Path text box, type the path to the software
package block.
10) Click Import & Close to return to the Profile Manager window.
11) Right-click the software package profile, and select Install to
display the Install Software Package window.
12) In the Available Subscribers list, select the endpoints where
you want to install the image.
13) Click Install & Close to begin the installation. The window
remains open until the operation is submitted.


To install a new endpoint on an iSeries machine, run the following
command from the gateway: -g gateway_name
-L 'log_threshold=3 lcs.machine_name=ep_name' \

To install an iSeries endpoint with multiple network cards from a
gateway that has multiple network cards, as shown by the following
example of a desired configuration:

Gateway NIC to use :
AS/400 TMA Network card :
Endpoint HostName : cheese (
Endpoint name is : queso
AS/400 TMA local port : 18752
Log threshold is : 3

then the following command can be used to install that endpoint: -L 'local_ip_interface= \
lcs.machine_name=queso log_threshold=3' -l 18752 \
-g ibmtmp1+8752 -T cheese


NOTE: The Linux endpoints do not support the following monitors:

* Client RPC timeouts
* NFS bad calls
* RPC bad calls
* Jobs in print queues
* Total size queued
* Page -scans

Installation of an endpoint using the winstlcf command with its
default options may fail or hang. This problem affects Red Hat 6.2
(and higher). The default winstlcf endpoint installation uses the
Linux rexecd daemon on both the source and the target for
communication. On the Linux operating systems mentioned above, the
rexecd daemon contains a defect which prevents Tivoli endpoints from
installing. Because of security policy in Red Hat 6.2 (and higher),
root access via the rexecd has been disabled, which prevents Tivoli
endpoints from installing.

Workaround: Install the endpoint using the winstlcf command with the
-e Trusted Host option as follows:

Follow operating system instructions to configure the target's
.rhosts file to allow trusted host root access for the gateway from
which the installation is being performed. If configured properly,
the following command executed from the gateway should return

rsh target_machine_name -l root echo hello

If "Permission Denied" is returned, consult operating system
documentation on how to correctly configure trusted host access and
repeat the above test.

From the gateway in which you successfully ran the test above,
install the target endpoint using the Trusted Host access method as

winstlcf -e target_machine_name

Contact the appropriate vendor to obtain the following service patch
which corrects rexec:

Red Hat 7.0: Patch "glibc-2.2-12" as described in Red Hat Service
Advisory "RHSA-2001:001"

Turbolinux: Contact vendor to obtain a rexec fix or use the

Follow operating system instructions to properly enable rexec to
allow root access to the target since, due to security
considerations, many operating system vendors disable rexec by
default. Tivoli strongly recommends that once the Tivoli
installation is complete, rexec access to the target be disabled or
restored to a configuration recommended by the operating system

Download package

Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
What is Fix Central(FC)?
4.1.1-LCF-0076 2011/05/16 English 72683520 FC

Problems (APARS) fixed
IY76364, IY77127, IY79052, IY78864.1, IY79297, IY79927, IY80239, IY78864, IY75955, IY76867, IY77288, IY78396, IY78814, IY66812.1, IY68277, IY69511, IY70413, IY71885, IY73810, IY67620, IY67848, IY68031, IY69226, IY70216, IY70216, IY44312, IY61722, IY63058, IY63452, IY64581, IY64729, IY65631, IY66599, IY66699, IY66711, IY67182, IY67848, IY68031, IY65631, IY67182, IY51380, IY58391, IY58418, IY59089, IY60840, IY60920, IY61488, IY61648, IY62005, IY63563, IY60840, IY60920, IY36652, IY49044, IY54512.2, IY56597, IY56774, IY57130, IY57855, IY58727, IY59018, IY60017, IY58356, IY46529, IY53132, IY53319, IY54373, IY54395, IY54512.1, IY54833, IY55564, IY56474, IY56646, IY53733.1, IY48151, IY48425, IY52504, IY52510, IY53733, IY53906, IY54512, IY77089, IY79438, IY80246, IY80515, IY81876, IY83963, IY84086, IY85120, IY85979, IY87262, IY87678, IY89137, IY89255, IY89307, IY90450, IY91100, IY89601, IY91783, IY91944, IY92369, IY94068, IY94232, IY94288, IY95662, IY96789, IY96219, IY97940, IY98436, IY98657, IZ02656, IZ02783, IZ03492, IZ03758, IZ04886, IZ10654, IZ15686, IZ28527, IZ38911, IZ45338, IZ45343, IZ33029, IZ61795, IZ67469, IZ69826, IZ70817, IZ68408, IZ72551, IZ74770, IZ75036, IZ90238, IZ96014, IZ97225

Document information

More support for: Tivoli Management Framework

Software version: 4.1.1

Operating system(s): AIX, HP-UX, IBM i, Linux, NetWare, Platform Independent, Solaris, Windows

Reference #: 4029908

Modified date: 16 May 2011

Translate this page: