System configuration settings

You can use a variety of settings to configure your management console. Find these settings on the Administration > System page.

When you click Administration > System, the system displays a list of settings. Click the name of a system setting to display an edit panel for the setting.

Note: For system settings that acquire numeric values, the management console accepts any value that consists of one or more integers (0 - 9). Numeric-grouping characters, such as commas (,), decimals (.), and other non-integer separators, are not supported.

The panel includes the following buttons:

Save - Saves your changes to the settings value.
Revert to the Default - Resets the setting to its default value.

The following table describes the available settings.


Setting	Description
Account Lockout Decay	Default: `60` minutes. After this period of time, the system discards the last failed login attempt. If set to a negative value, the failed login is not discarded.
Account Lockout Max Attempts	Default: `3`. The number of consecutive failed login attempts allowed before an account is locked. If set to `0`, the account lockout is disabled.
Account Lockout Reset Timer	Default: `120` minutes. Minimum: 5 minutes. The period of time required before a user is permitted to attempt to log in again after being locked out. If set to a negative value, the lockout never expires. Note: The administrator must reset the user to log in again.
Alert Email Limiting	Sets the maximum number of alert emails that the system sends over the specified number of minutes. For example, the value 10/60 sets the maximum to `10` messages per hour. The default value of `0/0` indicates that there is not a limit on alert email messages.
Apply inlined steps container environment	Default: `No`. If Yes, applies the environment of the project or library that contains an inlined step. Note: Not supported on Java engines.
Apply server environment last	Default: `No`. If Yes, applies the server environment for the step last. The server environment is applied after the step environment or project environment. This applies only if the environments are specified. Note: Not supported on Java engines.
Audit Maximum String Length	Default: `128` characters. Controls how much information can be recorded for a detailed change. If a string value exceeds this number of characters, a cryptographic hash is stored instead of the original value. The cryptographic hash conserves storage space. For fields that contain sensitive information such as passwords, the cryptographic hash is used regardless of the string length.
Audit Policy	Determines the amount of audit logging. NONE No auditing information is recorded. SECURITY Only security-related information is recorded. The following examples are displayed: Access group creation User session activity BASIC This setting is the default. It is also used if the audit policy value is invalid. Only minimal information is recorded; for example, user, object type, user ID, and action are recorded. DETAILED Records detailed information about the properties that changed, including the old value and the new value. Not all objects can provide this information. For those that cannot, there is no difference between brief and detailed policy. Use the Audit Max String Length system configuration setting to limit the amount of data stored.
Auto-Logoff Minutes	The system automatically logs off idle users. This setting specifies the number of minutes of idle time that must pass before the system logs off a user. When the setting is `0`, the system does not automatically log off users.
AutoClean Error Log Days AutoClean Info Log Days AutoClean Warning Log Days	These values indicate a maximum number of days that each category of entry remains in the audit log. The older entries are automatically deleted. If the value is `0`, the system never deletes entries of that category. String values evaluate to 0 as integers, allowing you to use a value such as Never instead of 0.
Build Cancel Check Frequency	Specifies how often, in seconds, the system checks for build cancellation requests.
Console Port	Port number that the web server uses to listen for Build Forge requests.
Console URL	A URL that the web server uses to listen for Build Forge requests. This value must be set if the console is running on a port other than `80`. If set, it overrides the default console URL with the value. It takes the form `protocol://hostname[:port]`. Example: `http://myHost:81`.
Continue Step Parts On Fail	Determines the run behavior of multiple commands parts in the same step. When set to the default of `No`, a failed command part in the step causes the step to fail. When set to `Yes`, a failed command part does not cause the step to fail. You can run the other command parts in the step. For more information about the command part, see the Infocenter topic "How the system splits a step into parts" (Developing > Working with steps > Controlling execution flow).
Create Missing Paths	Default: `No`. If yes, the system creates paths for projects if the path is not already present.
Database Size Threshold	The threshold of the database size at which the console sends a notice. Remember: Performance on the user interface minimizes as the threshold is approached. Performing a database cleanup or increasing the threshold size restores the performance. Default: `2G`. Note: Not supported on Java engines.
Database Size Threshold Notification	The user name or notification group to which email is sent if the database size threshold is reached. If a user name is used, the address in the Email field for the user is used. See Administration > Users. Note: Not supported on Java engines.
Date Once	Determines whether the .date command value is set once per job or once per step. The behavior depends on the value assigned, as follows: Default: `No`. The .date command value is set once per step. Each step re-evaluates the .date value using the agent machine's time zone. The agent provides the value. Restarts maintain the .date value. They are re-evaluated just like the initial run. The same variable would have a different value for each step where it is used, because the .date value is re-interpreted for each step. `Yes`: The current .date command value is set once per job. The date value is produced using the engine host's time zone rather than the agent's time zone. Restarts maintain the .date value. Enter `Yes` when you use an environment variable that contains .date in email notifications, such as the .email command or notification templates. The environment variables used in the email then use the engine's time zone.
Default Agent Port	Sets the default port number used for making connections to agents.
Default Import Class	Class to use if an imported project has no defined class or has a non-existing class. Default: `Production`
Digest Algorithm	The algorithm for message digest. There is also a corresponding digest_algorithm setting in the agent configuration. Valid values are `SHA1` and `SHA2`. Default algorithm: `SHA1` Note: When you use Secure Hash Algorithm 2 (SHA2) to enable password encryption in the Management Console and the agent, update the password encryption properties file, `bfpwcrypt.conf`. Note: The Perl engine does not support Secure Hash Algorithm 2 (SHA2) in the message digest. SHA2 digest support is for the Java MJC from Build Forge 8.0 and the Build Forge Agent 8.0. If password encryption is not enabled in the configuration properties file, `bfpwcrypt.conf`, use these steps to enable password encryption for SHA2: Rename the password encryption configuration properties file. For example, change the name of the `bfpwcrypt.conf` file to `bfpwcrypt.conf.sha1`. Navigate to Administration > System, and change the Digest Algorithm setting to SHA2. Restart the Management Console. A new `bfpwcrypt.conf` file is created. Enable password encryption. Navigate to Administration > Security and set the Password Encryption Enabled setting to Yes. Click Save and click Update Master BFClient.conf. Optional: Navigate to Administration > Security > Keystore and update the keystore's password. Navigate to Administration > Server > Server Auth, Administration > LDAP, and Administration > User, as appropriate, and update each of the passwords. If the agent also enables password encryption, copy the newly generated `bfpwcrypt.conf` file to the server where the agent is located. If the `ssl_key_password` was encrypted when it was previously set in the `bfagent.conf` file, you must re-encrypt the password. For example, enable `digest_algorithm SHA2` by removing the `#` before the line in the `bfagent.conf` file, then re-encrypt using the command, `bfagent -e <your password>` , on the command line. This creates a new encrypted password. Reset the `ssl_key_password` in the `bfagent.conf` file using this new encrypted password and save it. Restart the bfagent.
Digest Algorithm (continued)	Note (continued): If password encryption is enabled in the configuration properties file, `bfpwcrypt.conf`, use these steps to re-enable password encryption for SHA2: Disable password encryption. Navigate to Administration > Security and set the Password Encryption Enabled setting to No. Click Save and click Update Master BFClient.conf to make sure that the `bf_keystore_password` in the `bfclient.conf` file is not equal to the `{bfcrypt:xxx..}yyy...` format. If the ServerAuth, LDAP, and User passwords have been added or updated since password encryption was initially enabled, navigate to Administration > Security > Keystore, and update each of the passwords. Rename the password encryption configuration properties file. For example, change the name of the `bfpwcrypt.conf` file to `bfpwcrypt.conf.sha1`. Navigate to Administration > System, and change the Digest Algorithm setting to SHA2. Restart the Management Console. A new `bfpwcrypt.conf` file is created. Enable password encryption. Navigate to Administration > Security and set the Password Encryption Enabled setting to Yes. Click Save and click Update Master BFClient.conf. Optional: Navigate to Administration > Security > Keystore and update the keystore's password. Navigate to Administration > Server > Server Auth, Administration > LDAP, and Administration > User, as appropriate, and update each of the passwords. If the agent also enables password encryption, copy the newly generated `bfpwcrypt.conf` file to the server where the agent is located. If the `ssl_key_password` was encrypted when it was previously set in the `bfagent.conf` file, you must re-encrypt the password. For example, enable `digest_algorithm SHA2` by removing the `#` before the line in the `bfagent.conf` file, then re-encrypt using the command, `bfagent -e <your password>`, on the command line. This creates a new encrypted password. Reset the `ssl_key_password` in the `bfagent.conf` file using this new encrypted password and save it. Restart the bfagent.
Enable Quickstart	Default: `No`. All projects display the following icon: . When you click the project, all variables included for the project are checked for the `Must Change` variable type. The project is started if it does not contain a `Must Change` variable. If the project contains a `Must Change` variable, the project does not start. A dialog box describes why it does not start. The following icon changes display: . Note: Only variables defined for the project are checked. Variables defined for steps in the project are not checked. See also Project variable changes made when starting a job. If set to `YES`, the Projects page checks all environments for projects to determine if any variable is set to the `Must Change` type. Projects that are eligible to start immediately, are indicated by the following icon: .
Hard Run Limit	Default: `No`. If `Yes`, the system launches a scheduled build of a project, if the launch does not violate the project Run Limit setting. If `No`, the system ignores the project Run Limit setting for scheduled builds.
Import Default Secure Access Group	When the Import with Secure Access setting is set to `Y`, this setting indicates a default access group for imported projects.
Import Insecure Default Access Group	When the Import with Secure Access setting is set to `N`, this setting specifies a default access group for imported projects. The default group is used only when the import file lacks an access group.
Import with Secure Access	When set to `Y`, the system assigns the default access group listed in the preceding setting to imported data objects. This value overrides any access group specified in the XML file you are importing to help prevent overriding security by importing data. When set to `N`, the system honors any access group settings in imported files.
Inherit Tag	When set to `Yes`, jobs launched by a chain must use the same job tag as the caller. If BUILD_15 of project MasterProject calls project ComponentProject, the job tag and job directory name for the ComponentProject run becomes BUILD_15. Note: The called project always inherits the original tag of the caller, if the caller tag changes during the run. As a result of a .retag command, for example, the called project maintains the tag the caller began with.
Invalid Relative Dir Characters	Sets the characters the system changes to underscores if used in project names.
LASTRUN Format	Enter the value for the BF_LASTRUN format environment variable, using date format characters as defined for the .date command. See .date.
License Server	The license server hostname. It is set during installation. For example: `myhost.mycompany.com`. The value might include a port number. For example: `myhost.mycompany.com:80`. To change the license server, see Changing the license server for the Management Console.
Link Debug Mode	When set to `Yes`, the jobs that have adaptor links defined run a test of the link, instead of running the associated project. The job output contains a single step, which has output from the adaptor. The data is useful when you are troubleshooting your adaptor interfaces. Note: You can set debugging for an individual adaptor link by setting the state of the adaptor link to `Debug`. The state takes precedence over the Link Debug Mode setting.
Link Manual Jobs	Determines whether the system run adaptors through adaptor links when quick starting a project manually, rather than running it from the scheduler. The link check may produce additional output in the BOM for the job. If set to `N`, the link is not checked or runs when the job starts.
Max Console Procs	Sets the maximum number of processes the console runs at a time. Use as a general throttle on console activity. The system manages processes by storing an ID for each process in the database and checking the total before launching a new external process. Ensure that the value is greater than your Run Queue Size setting by a minimum of `5`. Otherwise the system cannot run enough processes to support the run queue. Note: Not supported on Java engines.
Max Inline Depth	Controls the number of levels the system allows for inlining of projects, disallowing projects from infinitely nesting. The default value is `32`. If the value is set to `0`, the system uses `32`. When the system reaches the inline limit, an inlined project that exceeds the limit does not run. The steps are not inserted in the containing project. The message is written to the system messages list: inline abandoned. Note: Not supported on Java engines.
Max simultaneous server tests	Specifies how many server tests can be run at one time. Depending on your system resources, running too many server tests at one time can severely slow or lock up the console.
Max Simultaneous Purges	Controls how many purges can run simultaneously. You can purge as many builds as you want. However, if you exceed more builds than the value in the Max Simultaneous Purges field, they are simultaneously deleted. Default: `20`.
Maximum Refreshes	Maximum number of times that a page automatically refreshes. Default: `50`.
Override Class when Chaining	Determines if the system replaces a chained project class with the class of its caller. The default value `Y` causes the system to override the chained project class and use the caller class instead.
Password Expiration Days	Indicates the number of days before users whose passwords are set to expire have to change their passwords. When the time expires, users are required to change their passwords on next login.
Password Format	Specifies the requirements for user passwords using a format string of six fields separated by periods: `length.char_types.upper.lower.numeric.special` For example: `5.2.u1.l1.n1.s1`. The first two fields specify the following: Minimum password length (characters). Minimum number of character types to use (an integer ranging from 1 through 4) in the four remaining fields. The remaining fields specify a character type and frequency requirement. Each field includes a type and a number. Type: One of u (uppercase), l (lowercase), n (number), or s (special). Uppercase (U, L, N, S) indicates that the character is required. Lower case (u, l, n, s) indicates that the character is optional. Number: Required. Indicates the number of characters that are required if any are used. The types are as follows: U or u to indicate uppercase characters. These characters include all characters that are considered a letter in their respective locales, but are not lowercase. Specifically, it includes characters that are uppercase, title-case, or any letter in single-case languages, for example Chinese. L or l to indicate lowercase characters. This includes all characters that are considered lowercase in their respective locales. N or n to indicate numeric characters. These characters include any character that is considered a digit in its respective locale. S or s to indicate special characters. Any character that does not fit into the previous three categories. It includes all characters that are neither a letter nor a digit. Example: the string 5.2.u1.l1.n1.s1 indicates the following password requirements: At least 5 characters long. Must include characters from a minimum of two of the four categories (uppercase, lowercase, numeric, special). For each type, one character of the type qualifies as a match to count toward the requirement. Passwords such as `abC1x` and `Abc2%` qualify.
Pause Build Forge Engine	When set to `Y`, the system completes any current jobs and pauses the engine. Set it to `N` to return to normal operation.
Public Hostname	When set, the system substitutes the value of this setting for the server host name in the `CONSOLEHOST` variable in notification templates.
Purge Check Time	Sets the frequency for how often the system checks for jobs to purge, in terms of minutes between checks.
QuickReport Public dir	The file system location of the public report designs. In 7.1, use this system setting to specify the fully qualified location to public reports. Your report designs must be in this directory to automatically migrate them. In earlier releases, the default file location (../../reports/public) is relative to the application server installation directory, for example: <bfinstall>/Apache/tomcat/webapps/quickReport.
QuickReport Temp dir	In 7.1, use this directory to specify a fully qualified directory on the same host as the services layer component. The services layer uses this working directory to list the report designs that have been successfully migrated to the database. In earlier releases, this directory was used to temporarily store Quick Report report designs before they were saved to the public or private directory on the file system.
QuickReport Users dir	The file system location of the private report designs. In 7.1, use this system setting to specify the fully qualified location to private reports. Your report designs must be this directory to automatically migrate them. In earlier releases, the default file location (../../reports/users) for private reports is relative to the application server installation directory, for example: <bfinstall>/Apache/tomcat/webapps/quickReport.
Reload Language Packs	Default: `No`. If set to Yes, the console reloads its language packs upon restart and resets this value to `No`. No longer necessary starting in version 7.0.1.
Reset Adaptor Templates	Use this setting to reset the adaptor templates (to copy changes from an update into your configuration). To use it, set the value to `Yes`, and then wait one minute. The system resets the templates and then sets the value back to `No`.
Reset Server Job-Count	Use the setting `Yes` to simultaneously reset the job count (BF_JOBS) for all servers to zero. The reset occurs when the manifest check interval runs. The default is every `10` seconds. After BF_JOBS are reset for all servers, the Reset Server Job-Count value reverts back to the default of `No`.
Restart Report Migration	Default: `No`. In 7.1, if you want to start migration without restarting the services layer component, set this value to `Yes`.
Run Chain Links	Controls whether a launched chain project also launches any attached adaptor links.
Run Queue Size	This value limits the number of jobs the system attempts to run at once. When the number of runs in the queue equals or exceeds this number, the system stops moving runs from the Wait queue to the Run queue until the number of jobs drops below this value. If you change your Run Queue Size, check the Max Console Pros setting, which should be greater than the Run Queue Size by at least `5`.
Save Start Environ	Controls the default value of the `Save Env` check box on the manual start page for a project. When the setting is `Y`, the check box is selected. This is the default. Otherwise, the check box is not selected. If you select the `Save Env` check box, any of your changes will be saved to the environment variables on the Start page and the environment records in the database. Your future build runs will default to those values.
Server Env Before Chain	Determines whether the system sets a step server environment before `Y` or after `N`. This value sets the chaining project environment within the step. The variables in the second environment processed override the variables in the first environment. The default value is `Y`, indicating that the chaining project environment is processed second, and overrides the step server environment. Note: Not supported on Java engines.
Server Read Timeout	The time, in seconds, to wait before the system stops attempting to read the agent. Note: New in 8.0. Only used for the Java master job controller.
Server Retries	Sets how many times the system attempts to allocate a step to a server before it stops and fails the step, when the server matching all of the selectors conditions are found.
Server Write Timeout	The time, in seconds, to wait before the system stops attempting to write to the agent. Note: New in 8.0. Only used for the Java master job controller.
Server Test Frequency	Used with the number of enabled servers to determine how frequently to test and refresh the manifest data for servers. The default is `120` minutes or `2` hours. A value of `0` indicates that you do not have to check the server. During these checks, the system contacts all enabled servers to verify that: The servers are still reachable. The login information for the server is correct. The manifest data for the server is current. Server tests are performed at a minimum of `one server` per minute. The rate increases if the number of servers is larger than this setting. The system distributes the testing evenly over the interval. For example: You have 120 servers and the interval is set to 120 minutes. The system attempts to test one server per minute `120 servers / 120 minutes`. You have 12,000 servers and the interval is set to 1200 minutes. The system attempts to test `10` servers per minute. You have 10 servers and the interval is set to 120 minutes. One server per minute is checked. In this scenario, a server is checked as many as 12 times during the refresh interval. Manual server tests start from the console taking precedence over the automated tests. The complexity of a server's collector can affect throughput. A collector that performs many manual commands to collect data can require more than a minute to complete.
Server Usage Connect Timeout	Note: It is not supported on Java engines. Indicates the maximum number of seconds after creating an agent connection that the management console waits for the connection to open before failing the connection. The connection might also fail if a socket error occurs or the code fails before reaching the timeout period. Indicates the timeout value for an existing connection to an agent. Agents are designed to contact the management console every `15` seconds. If no contact is made during a timeout period, the agent might have stopped or there might be network communication issues. If this value is exceeded, the step fails.
Server Wait Time	Sets the number of seconds between checks to determine if a server has become available. Note: New in release 8.0. Only used for the Java master job controller.
Services layer authentication servlet URL	When set, overrides the programmatically constructed URL to the services layer authentication servlet. If you are using an alias or a non-default port, this setting must be updated using the following format: http://server:port/jas/AuthServlet
SMTP Server	Sets the computer to be used as an SMTP server when sending email notifications. The default setting is `localhost`.
Stack BuildForge Env Variables	The system normally changes the name of BF_ variables that are passed down to a chained project to BF_CALLER_. The setting determines whether the system stacks the naming when chaining goes more than one level deep. The default value is `N`. When the setting is changed to `Y`, the BF_TAG variable derived from a calling project two levels deep, receives the name BF_CALLER_CALLER_TAG.
Step Max Retries	Controls how many times a step attempts to connect to an agent if the first attempt fails. If the step does not connect in the specified number of retries, it fails.
Store User Authentication Locally	Determines if the system caches LDAP or Active Directory user authentication information in encrypted form. The default value is `Yes`. The system is only relevant when you use LDAP or Active Directory authentication. When the setting is `Yes`, the system caches user authentication information in encrypted form and uses it with the _USE_BFCREDS and _USE_BFCREDS_DOMAIN special variables. Note: This value applies user authentication to servers. You can turn off caching by changing the value to `No`. However, if you do turn off caching, the system cannot use the _USE_BFCREDS and _USE_BFCREDS_DOMAIN special variables to use the users credentials when logging onto a server.
System Alert Email	The system sends alert email messages to the address defined by this setting. The default is `root@localhost`. The following email address formats are supported: `username@host.com nameusername@host.com name "<username@host.com>" name <username@host.com> name "username@host.com"` Where `Username` is the email user name. `Name` is an arbitrary string, usually a given name in some form. To send to multiple addresses, separate them with commas (,) or semicolons (;).
System Alert Source	When the system sends alert email messages, it uses the address defined in this setting as the sender. The default is root@localhost. The following email address formats are supported: `username@host.com name username@host.com name "<username@host.com>" name <username@host.com> name "username@host.com"` Where Username is the email user name. Name is an arbitrary string, usually a given name in some form.
System Wide Login Message	Allows you to define a message to be displayed above the login form.
System Wide User Message	Allows you to define a message to be displayed at the top of each page, just below the navigation buttons.
Tag: Date Format	Defines the format used to display the date in the BF_D tag variable. Use the characters `y`, `m`, and `d` as variables for the year, month, and day. This value displays your desired format, along with any special characters as separators. For example, for the date September 21, 2005, the following is displayed: Format string....Output ymd...050921 m/d/y...09/21/05
Tag: Time Format	Defines the format used to display the time in the BF_T tag variable. The Tag: Time format setting uses the characters `h`, `m`, and `s` to represent hours, minutes, and seconds. The setting `h:m:s` renders the following output: `12:53:42`.
Tail Log Amount for Mail Template	Sets the number of lines from the end of a log that is displayed in a notification when the `TAILNORMALLOG` variable is used in the notification template.
Terminate Threads	Determines when a threaded step fails. All other active thread blocks in the same project are stopped.
Trace Agent Datalink	Indicates whether to turn on verbose tracing for communications between the console and agents. Default: `No`
Use Java Master Job Controller as Job Execution Engine	When set to `Yes`, the system uses the Java master job controller to execute the master job controller projects. The Perl engine projects cannot be started. Newly created projects default to using the master job controller, not the Perl engine. When set to `No`, the system only uses the Perl engine to execute the Perl engine projects.