Vrealize Configuration Manager 582 Software Content Repository Tool 61 Guide

Software Content Repository Tool 6.
1 Guide
Software Content Repository Tool 6.1
vRealize Configuration Manager 5.8.2
This document supports the version of each product listed and supports all
subsequent versions until the document is replaced by a new edition. To
check for more recent editions of this document, see
http://www.vmware.com/support/pubs.
EN-001925-00
Software Content Repository Tool 6.1 Guide
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
© 2006–2016 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and
intellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All
other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About This Book 5
Introduction to the Software Content Repository Tool 7
Preparing for SCR Tool Installation 9

Installing the VCM Agent on the Linux and UNIX Machines to be Managed 9
Selecting and Preparing the Host Machine 9
Establish User Credentials 11
Place Trusted Certificates in the Key Store 11
Verifying Access to External Sites 11
Installing the Prerequisite Software for the SCR Tool 13

Install the SCR Tool Software 13
Download the Java Runtime Environment 14
Test the Java Runtime Environment Installation 14
Download the Java Cryptography Extension 14
Configure the SCR Tool 17
Configuring the Red Hat Host Machine 19

Review the Directory Structure 19
Grant Permission to the Repository 20
Update the Properties Files 20
Properties File Parameters 22
Connect the VCM Managed Machines to the SCR Tool 28
Set Logging Levels and Output File Names 28
Managing Patch Content with the SCR Tool 31

Download the Patch Content 31
Schedule Downloads 32
Maintain the Software Content Repository 33
SCR Integration with VCM 33
Troubleshooting the SCR Tool 37

Out of Memory Error 37
Content Download Network Connection Error 38
Cannot Connect to Red Hat Account 38
Session Login to Red Hat Fails 39
Download from Red Hat Fails 39
HP-UX Service Authentication Fails 41
Download from HP Fails 41
Proxy Server Configuration Fails 41
Mismatch in Number of Patches 43
OS Vendor Does Not Accept Credentials 43
OS Vendor Errors 43
Patch Download Errors 44
Obsolete Patches Cause the Download to Fail 45
HTTP Errors Are Not Marked as SEVERE 45
VMware, Inc. 3
Connection Refused Errors 46

Null Pointer Exception Errors 46
SCR 6.1.21 fails to download patches 47
Index 49
4 VMware, Inc.
About This Book
The VMware vRealize Configuration Manager Software Content Repository Tool Guide provides information
about the following topics.
n Preparing the host machine for components and tools.
n Installing and configure components and tools.
n Using the tool to download patch content.
n Troubleshooting errors that might occur.
Intended Audience
This document contains information intended for system administrators who must patch machines in their
network.
To use this information effectively, you must have a basic understanding of how to configure network
resources. You also must fully understand your network’s topology and resource naming conventions.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send
your feedback to docfeedback@vmware.com.
VMware, Inc. 5
Technical Support and Education Resources

The following technical support resources are available to you. To access the current version of this book
and other books, go to http://www.vmware.com/support/pubs.
Online and Telephone To use online support to submit technical support requests, view your
Support product and contract information, and register your products, go to
http://www.vmware.com/support.
Customers with appropriate support contracts should use telephone support
for priority 1 issues. Go to http://www.vmware.com/support/phone_
support.html.
Support Offerings To find out how VMware support offerings can help meet your business
needs, go to http://www.vmware.com/support/services.
VMware Professional VMware Education Services courses offer extensive hands-on labs, case study
Services examples, and course materials designed to be used as on-the-job reference
tools. Courses are available onsite, in the classroom, and live online. For
onsite pilot programs and implementation best practices, VMware Consulting
Services provides offerings to help you assess, plan, build, and manage your
virtual environment. To access information about education classes,
certification programs, and consulting services, go to
http://www.vmware.com/services.
6 VMware, Inc.
Introduction to the Software Content
Repository Tool 1
The Software Content Repository (SCR) Tool is a standalone Java client software application that builds a
repository of Linux and UNIX patches and downloads operating system (OS) vendor patch content to the
repository.
The SCR Tool downloads patch content from vendor Web sites, which you use to patch Linux and UNIX
machines. These files include patch signature files (.pls), and OS vendor patch content files (.rpm, .gz,
.tar, .zip) used in the patching background processes. Deployment package files (.plp) are included
and used for patch deployment on Mac OS X. The .plp files contain the vendor patch, which is extracted
based on the properties file settings.
You run the SCR Tool on a Red Hat machine and use the VCM Patching functionality in VMware vRealize
Configuration Manager (VCM) to deploy patches to the VCM managed machines.
To ensure that all patch dependencies are met when VCM deploys the patches, the SCR Tool downloads
all of the necessary patches, except for patches that have been superseded. VCM Patching handles all the
dependencies when the patches are deployed. If the patch was available when the SCR Tool was installed
and configured, the patch downloads. If the patch was not available when the SCR Tool was last run, the
patch will not be available. If the patch is still available from the OS vendor, it will be available for
download using the SCR Tool patch replication process.
The SCR Tool is not used to run patch assessments or deployments. The SCR Tool also does not assess the
machine configuration or the downloaded patch content that is used for patch deployment.
The SCR Tool downloads the patch signature files and OS-vendor patch content from the Content
Download Network (CDN), and downloads subscription-only content from the OS Vendor Content Web
sites. The patches must be accessible to the VCM managed machines through an NFS mount to the
repository on the machine that hosts the SCR Tool. For a diagram of the components and workflow, see
"How to Download Patches with the SCR Tool" on page 8.
VMware, Inc. 7
Figure 1–1. How to Download Patches with the SCR Tool
After you download patches from the vendor Web site, you must use VCM to assess your Linux and
UNIX machines and deploy the patches using the machine group mapping in VCM Patching. For
information about assessments, see the VCM Administration Guide and the VCM online Help.
8 VMware, Inc.
Preparing for SCR Tool Installation 2
Before you install the SCR Tool, you must complete several prerequisite tasks.
This chapter includes the following topics:
Installing the VCM Agent on the Linux and UNIX Machines to be
Managed 9
Selecting and Preparing the Host Machine 9
Establish User Credentials 11
Place Trusted Certificates in the Key Store 11
Verifying Access to External Sites 11
Installing the VCM Agent on the Linux and UNIX Machines to be

Managed
VCM managed machines use an NFS mount to connect to the host machine where the SCR Tool is
installed, to obtain the Linux and UNIX patches for deployment to the managed machines. After the
managed machines obtain the patches, VCM can deploy the patches to those managed machines.
The following VCM managed machines can connect to the SCR Tool host machine.
n AIX
n CentOS
n HP-UX
n Mac OS X
n Oracle Enterprise Linux (OEL)
n Red Hat
n Solaris
n SUSE
Verify that the Linux and UNIX machines to be managed by VCM meet the system requirements. See the
VCM Installation Guide. Then review the VCM Agent installation procedures and install the VCM Agent on
the platform as described in the VCM Administration Guide
Selecting and Preparing the Host Machine

Install the SCR Tool on supported host machines. After the host machine meets all of the requirements, it
can run as a guest in a virtualized environment.
VMware, Inc. 9
You can install the SCR Tool on a 64-bit Red Hat Enterprise Linux Server machine running version 6.0.
You can also install the SCR Tool on a 64-bit Red Hat Enterprise Linux Server machine running version 7.0.
IMPORTANT Use the host machine exclusively to run the SCR Tool and serve as the patch repository.
To download content for each supported platform for patch deployment, the minimum recommended
storage is 950 GB.
Table 2–1. Estimated Host Support for Patch Storage on Platforms
Supported Platform Minimum Storage Required
for Patch Content Files and Payload
AIX 130 GB
CentOS 80 GB
HP-UX 15 GB
Mac OS X 210 GB
Oracle Enterprise Linux (OEL) 80 GB
Red Hat 80 GB
Solaris 325 GB
SUSE 75 GB
Prerequisite
n If you install the SCR Tool on a 64-bit Red Hat machine, verify that 64-bit Java is installed. If it is not
installed, you must install it.
Procedure
1. Select a 64-bit Red Hat Enterprise Linux Server machine to use as the host machine for the SCR Tool.
2. Remove any non-Oracle Java versions.
3. Verify that the host machine has Internet access.
4. Verify that the host machine has adequate storage to download the patch content for each platform to
support patch deployment to all of the machines.
5. Verify that the host machine has Oracle Java Runtime Environment (JRE) version 1.6 or later, 64-bit
only, installed.
6. Ensure that your JAVA_HOME and PATH environments are set to the correct Java instance.
For example:
export PATH=/usr/java/jdk1.6.0_
24/jre/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin
export JAVA_HOME=/usr/java/jdk1.6.0_24/jre
7. Verify that the SCR Tool host machine has Oracle Java Cryptography Extension (JCE) Unlimited
Strength Jurisdiction Policy Files corresponding to the JRE version installed.
The JCE is required for the encryption of credentials to the OS vendor sites.
10 VMware, Inc.
Preparing for SCR Tool Installation
8. If you download Red Hat content, verify that the Red Hat Network (RHN) Management and Update
entitlements are available and associated with the credentials so that SCR can download the RHN
content.
9. Verify that the SCR Tool host machine has sufficient memory for the replicated files.
Linux files require up to 2 GB of memory. All other machines require 1 GB by default.
10. Allow additional memory for the overhead of host OS operations, which vary depending on your
environment.
What to do next
n As your patch content increases because of downloads and storing patch content files and payload, you
must monitor the available disk space on the SCR Tool host machine to avoid disk space problems. The
patch content grows over time as vendors release new patches and content.
n Verify that the Linux and UNIX machines to be managed by VCM meet the system requirements. See
the VCM Installation Guide.
Establish User Credentials

To download OS-vendor subscription-only content for AIX, HP-UX, Red Hat, Solaris, and SUSE machines,
you must establish user credentials to the OS vendor sites.
Procedure
1. Contact the vendor to obtain a subscription to the patch content.

2. Establish your login and password to the vendor site.
Place Trusted Certificates in the Key Store

The Software Content Repository (SCR) Tool requires authentication to the HP-UX Software Assistant
Web site. For the SCR Tool to download recommended patches, and before you use VCM to deploy
patches to HP-UX managed machines, you must follow the HP recommendation to install the trusted
certificate to the key store.
The HP-UX Software Assistant site checks certificates to ensure a secure connection, and validates
authentication by using a trusted certificate. If you do not install the trusted certificate, the HP-UX service
authentication fails, which causes the patch download to fail.
To install intermediate certificates for Software Assistant, see http://kb.vmware.com/kb/2051577.
Verifying Access to External Sites

Depending on the supported platform, the SCR Tool must have access to vendor sites from which to
download patches and payloads.
For sites that are hosted by Akamai, use the URL instead of the resolved IP address. Sites hosted by
Akamai might change IP addresses based on location.
The following sites are hosted by Akamai.
http://configuresoft.cdn.lumension.com/configuresoft
http://novell.cdn.lumension.com/
https://a248.e.akamai.net/f/60/59258/2d/
VMware, Inc. 11
Table 2–2. Access from SCR Tool to External Sites

Platform SCR Tool must Access
All platforms http://*.cdn.lumension.com/

https://*.cdn.lumension.com/
AIX http://www7b.software.ibm.com/
CentOS http://vault.centos.org
You can also use the mirrors returned from the Web service at:
http://mirrorlist.centos.org
HP-UX https://hpsc-pro-hpp.austin.hp.com/service/
https://ftp.itrc.hp.com/wpsl
Mac OS X http://vmware.cdn.lumension.com/
Oracle Enterprise Linux http://public-yum.oracle.com

(OEL)
Red Hat 5 and 6 http://xmlrpc.rhn.redhat.com/XMLRPC
Red Hat 7 https://cdn.redhat.com
Solaris https://getupdates.oracle.com/
SUSE https://you.novell.com/update/
https://nu.novell.com/repo/$RCE/
https://scc.suse.com/
12 VMware, Inc.
Installing the Prerequisite Software for
the SCR Tool 3
The SCR Tool uses several types of software. You must install and test the required software on a
supported host machine, then you install the Software Content Repository Tool on the host machine.
Install the SCR Tool Software 13
Download the Java Runtime Environment 14
Test the Java Runtime Environment Installation 14
Download the Java Cryptography Extension 14
To support the downloads and storing the patch files and payload, and patch deployment, you must install
and test the following software.
n SCR Tool software
n Java Runtime Environment
n (Optional) Java Cryptography Extension
Install the SCR Tool Software

After you install the supporting software, you can install the Software Content Repository Tool software
on the host machine.
Prerequisites
n Complete the preparatory tasks. See "Preparing for SCR Tool Installation" on page 9.
Procedure
1. Access the Download VMware vRealize Configuration Manager Web site at

http://downloads.vmware.com.
2. Click VMware vRealize Configuration Manager.
3. Click the Drivers & Tools tab.
4. Click VMware vRealize Configuration Manager - Tools for 5.8 or later.
5. In the Components section, click Show Details and verify that the version of the SCR Tool is 6.1.
6. Click Download.
7. Unzip the SCR Tool files from SCR-vmware-6.1.21.tar.gz to the directory where the application
files will reside on the host machine.
VMware, Inc. 13
After you extract the SCR Tool files, a root directory contains the subdirectories and files for the supported
Linux and UNIX platforms. This information refers to the root directory as scr_root.
Download the Java Runtime Environment

You download the Java Runtime Environment (JRE) to support the SCR Tool on the host machine.
Prerequisites
n Verify that you can access http://www.java.com.
Procedure
1. Access the Java Web site.
2. Click Downloads.
3. Locate and install Java Runtime Environment (JRE) version 1.6 or later.
4. Use the platform-specific link to display detailed installation instructions for your platform.
Test the Java Runtime Environment Installation

To verify that the Java Runtime Environment installation on the Red Hat host machine works properly,
you can test it.
Prerequisites
n Locate the article titled, "How do I test whether Java is working on my computer?" at
http://www.java.com.
Procedure
1. Verify that the JRE is installed.

2. (Optional) Display the currently installed version of Java.
a. Open a terminal session on the SCR Tool host machine.
b. Run the command java -version.
Download the Java Cryptography Extension

The Java Cryptography Extension (JCE) is required for AIX, HP-UX, Red Hat, Solaris, and SUSE. You must
download and install the JCE installation on the SCR Tool host machine. The JCE encrypts passwords
when you use third party credentials in the properties files used to download patch content.
IMPORTANT If multiple Java SE (Standard Edition) Development Kit (JDK) or JRE installations exist on the
same machine, make sure that you update the correct JDK or JRE instance.
Prerequisites
n Locate the Java SE downloads page at http://www.oracle.com.
14 VMware, Inc.
Installing the Prerequisite Software for the SCR Tool
Procedure
1. Locate and download the Java Cryptography Extension.

If the download page does not detect your Java version, manually locate the correct JCE package.
2. In the JCE zip file, locate the README.txt file.
3. Follow the instructions in the README.txt file to install the JCE on the SCR Tool host machine.
VMware, Inc. 15
16 VMware, Inc.
Configure the SCR Tool 4
VCM 5.8.2 patching for Linux and UNIX requires the Software Content Repository (SCR) Tool. To support
the use of the SCR Tool, VCM uses the properties files for the Linux and UNIX platforms.
The properties files include the environment settings that the SCR Tool uses to download the patch
content for each supported Linux and UNIX platform.
To integrate the SCR Tool with VCM, you must place a special bundle of properties files for the platforms
in a specific directory on the patching repository machine. The properties file names use the format
<platform>-rt.properties.
When you submit a patch download job in VCM during patch deployment, VCM reads a special bundled
runtime file and uses the content in it to create additional required files. When you edit the special bundled
runtime properties files, you must ensure the following restrictions.
n The runtime properties files must not contain relative paths.
n The runtime properties files must have credentials and proxy information as defined in this guide.
Prerequisites
n Download the Java Runtime Environment (JRE) to support the SCR Tool on the patching repository
machine.
n Download and install the Java Cryptography Extension (JCE) on the patching repository Red Hat Linux
machine where the SCR Tool is installed.
n Obtain the special bundle of properties files, Sample-SCR-6.1-Properties.tar.gz, at the same

location where you downloaded the SCR Tool.
n Install the SCR Tool on the RedHat Linux 6, 64-bit patching repository machine, and do not modify the
properties files.
Procedure
1. On the patching repository machine, download the runtime properties files tarball from the same Web
site where you downloaded the SCR Tool tarball or zip file.
2. Extract the contents of the runtime properties tarball into the appropriate /conf directory that you
established when you installed the SCR Tool.
The properties files must be named as follows:
VMware, Inc. 17
n AIX-rt.properties
n CENTOS-rt.properties
n HPUX-rt.properties
n MAC-rt.properties
n ORACLELINUX-rt.properties
n REDHAT-rt.properties
n SOLARIS-rt.properties
n SUSE-rt.properties
3. To modify the runtime properties files, use the Software Content Repository Tool Guide.
IMPORTANT Do not change the file names of the extracted runtime properties files.
18 VMware, Inc.
Configuring the Red Hat Host Machine 5
Configuring the Red Hat machine to host the SCR Tool includes reviewing the directory structure,
granting permission to the patch repository, updating the properties file, connecting the VCM managed
machines to the SCR Tool, and setting the logging levels and output file names.
Review the Directory Structure 19
Grant Permission to the Repository 20
Update the Properties Files 20
Connect the VCM Managed Machines to the SCR Tool 28
Set Logging Levels and Output File Names 28
Review the Directory Structure

Subdirectories are created and organized based on platform type and payload. Verify that the
subdirectories exist in the SCR Tool root directory.
Because running the replications is based on relative paths under the root directory, you can modify the
root directory name.
To determine which .pls files to use for patch assessments, the SCR Tool processes the file named
VMware582.xml, which contains the .lst files used in the assessments.
IMPORTANT Do not delete the patch signature (.pls) files, because they confirm whether the patches are
available. Patch signature files are stored in the platform subdirectories defined by the property parameter
SCR_output_folder.
The SCR Tool downloads patch content based on your established schedule.
Prerequisites
n After the SCR Tool downloads the content from the Content Download Network (CDN), verify that
the individual payload directories contain the patch content.
VMware, Inc. 19
Procedure
1. Open the SCR Tool root directory.

This is the directory where you unzipped the .tar.gz file.
2. Verify that the .pls files are stored in the subdirectories for each platform.
The subdirectories include ./aix, ./centos-nca-*, ./hpux, ./oracle-nca-*, ./osx, ./redhat-
nca, ./solaris, and ./suse-nca.
The platform-nca directories indicate new content architecture directories that have alternative
locations.
3. In the payload directory, verify that the subdirectories contain the platform vendor patch files and the
.plp files.
The new content architecture places some patches in alternative locations.
Patches Location
CENTOS CentOS/rpm
OracleLINUX Oracle/rpm
Red Hat 5,6 RedHat/getPackage/
Red Hat 7 RedHat/rpm/
SUSE SUSE/rpm/
4. In the payload directory, verify that the Mac OS X payload folders contain only .plp files, which
embed the vendor patches.
If extractOSX=true is defined in the properties file for Mac OS X, the physical vendor patch appears.
Grant Permission to the Repository

The host machine must have execute permission for all of the repository application files to access and
update the properties files. To grant this permission, you run a command on the host machine.
Procedure
1. Go to the scr_root directory on the host machine.

2. Open a terminal session.
3. Change directories to the SCR root directory.
4. To change the mode, run the chmod -R a+x **/* command.
5. Change the working directory to scr_root/bin.
Update the Properties Files

User credentials and environment settings are stored in the properties files that the SCR Tool uses to
download the patch content for each supported platform. The download process uses the properties files
to determine how to replicate the patch content on the SCR Tool host machine for each platform.
The format for the properties file names is platform-rt.properties.
Each downloaded replication file requires between 512 MB of RAM (minimum) and 2 GB (maximum).
20 VMware, Inc.
Configuring the Red Hat Host Machine
For Red Hat: If files differ between a Red Hat client and a Red Hat server, such as x86 versus x64, you
must generate a separate scr_root/conf/.properties file for each.
Prerequisites
n Review the properties file parameters in preparation to update the properties files. See "Properties File
Parameters" on page 22.
n For Red Hat: When files differ between a Red Hat client, a Red Hat server, and architectures, such as
x86 and x64 versions, you must generate individual properties files for the client, server, and each
architecture in the SCR root directory. For example: scr_root/conf/RedHat_version_or_
arch.properties.
Procedure
1. Access the directory named scr_root/conf and locate the Linux and UNIX properties files.
Platform Properties File Name
AIX scr_root/conf/aix-rt.properties
CentOS scr_root/conf/centos-rt.properties
HP-UX scr_root/conf/hp-rt.properties
Mac OS X scr_root/conf/osx-rt.properties
Oracle Enterprise Linux (OEL) scr_root/conf/oracle-rt.properties
Red Hat scr_root/conf/redhat-rt.properties
Solaris scr_root/conf/solaris-rt.properties
SUSE scr_root/conf/suse-rt.properties
2. Create an encrypted password.

a. At the scr_root/bin directory prompt, type # ./lumension_encryptor_tool.sh.
The encryptor tool returns the string, "MyPassword".
b. Enter your password twice, and ignore any strings returned by the encryptor tool.
c. When the encryptor tool returns the encrypted password string, open the scr_
root/conf/platform-rt.properties file and copy the string into the encrypted password
field.
The entries appear as follows.
pwd=encryption_string
user=user_name
What to do next
n Update the properties file parameters for the platforms to patch. See "Properties File Parameters" on
page 22.
n To automate a process to run the scripts using OS schedulers, such as cron or at, see "Managing Patch
Content with the SCR Tool" on page 31.
VMware, Inc. 21
Properties File Parameters

You can use the properties file parameters to customize the download process that replicates the patch
content on the SCR Tool host machine.
The following parameters are available.
platform
The platform parameter specifies the type of patch content to download.
platform=platform_name
arch
The arch parameter must include one or more valid architecture strings for the specified platform.
Multiple values must be comma separated without spaces.
arch=arch_type1,arch_type2,...
dist
dist=distribution_name
For Red Hat and SUSE platforms, the dist parameter is required. Multiple values must be comma
separated without spaces.
Table 5–1. Property Parameters for Platforms, Distributions, and Architecture
platform dist arch
AIX POWERPC
LINUX CENTOS X86, X86_64
HP_UX PA_RISC, ITANIUM
LINUX ORACLE X86, X86_64
OSX X86, PPC
LINUX REDHAT X86, X86_64
LINUX SUSE X86, X86_64
SOLARIS X86, SPARC
folder
Defines the root folder where the SCR Tool output is stored. By default, this folder is
/tmp/SCR/download.
folder=SCR_output_folder
The SCR Tool creates the subdirectory tree under the root output folder.
n The platform architecture directory SCR_output_folder/platform/architecture contains the
.pls files.
n The payload platform architecture directory SCR_output_
folder/payload/platform/architecture contains the patch content files, such as .plp, .zip,
.rpm, .htm, and .jar files.
22 VMware, Inc.
keyfile
keyfile=string
Do not modify.
key
key=string
Do not modify.
index
index=VMware582.xml
Do not modify.
program
program="."
Do not modify.
extractOSX
For the Mac OS X platform only. If the value is true, PLP files for the Mac OS X content are extracted.
When run, this parameter specifies to extract the embedded .dmg vendor patch files from the
corresponding .plp files. When used with any other platform, this parameter has no effect.
extractOSX=true or false
thirdparty
Set the value to true to support third party downloads for CentOS, Oracle Linux, Red Hat, Solaris, and
SUSE.
thirdparty=true or false
The SCR Tool first attempts to download payload from Lumension's CDN. If the patch is not found in the
CDN, the SCR Tool downloads it from the vendor Web site, such as Red Hat, SUSE, or Solaris, using the
credentials provided in user and pwd.
user
User ID for third party vendor downloads, such as Solaris or HP UX.
user=string
pwd
Encrypted password for the third party vendor downloads. This password is generated using the
lumension_encryptor_tool.sh script.
pwd=string
configlog
This parameter specifies an output file, which contains a list of parameters and values. These values reflect
the parameter configuration used during the last or current execution of the SCR Tool, and can be used to
troubleshoot problems.
VMware, Inc. 23
configlog=config_log_file_path/filename.log
checkPayload
checkPayload=true or false
Enables the SCR Tool to audit and verify payload content for .pls files. If the .pls files do not match the
.pls or .plp files, this option causes the SCR Tool to download or replace the payload files.
This parameter defaults to false if not included in the properties file or not explicitly set to true. The value is
set to true by default in each properties file.
n If the value is true, the SCR Tool validates every payload file for every .pls file, whether it is new,
modified, or unchanged.
n If the value is false, or not provided, the SCR Tool downloads and loops through each new or modified
.pls file. The process downloads any payload data, which includes .plp files and vendor patch files
that correspond to each downloaded .pls file.
dependencyCheck
Turns off dependent RPM download for Linux platforms.
dependencyCheck=true or false
When the value is true, the SCR Tool downloads all of the dependent RPMs recursively. During the initial
replication, which is performance intensive, this process downloads each package and dependencies.
When the value is false, the SCR Tool downloads only the RPMs declared in the OS vendor errata. This
process might cause the SCR Tool to miss some dependent packages during the replication from the OS
vendor. This option is the default value.
channels
Specifies the channels of content to download so that you can manage content according to environment
needs. Multiple values must be comma separated without spaces.
channels=channel1,channel2,...
For example, for Red Hat: channels=es-4,server-5

By default, excluding this switch enables all channels. By adding this switch, you can limit the duplication of
content during the download by specifying only the patches or packages that apply to your environment.
Duplicate content primarily affects Linux distributions.
Table 5–2. Property File Channels
Platform Channel
AIX 6_1
7_1
technologylevel_aix61
technologylevel_aix71
CentOS cent5, cent6, cent7
HP-UX 11_11
11_23
11_31
24 VMware, Inc.
Platform Channel
Oracle Enterprise Linux (OEL) orae5, orae6, orae7
OSX 10_6
10_7
10_8
applications
Red Hat client-5

server-5
workstation-6
server-6
client-7
workstation-7
server-7
Solaris sol10
SUSE SLES10-Updates
SLES10-SP1
SLES10-SP2
SLES10-SP3
SLES10-SP4
SLES11-Updates
SLES12-Updates
SLES11-SP1
SLES11-SP2
SLES11-SP3
downloadPayload
If the value is true, all patches are downloaded. If the value is false, only the patches with UIDs that are
included in the cache request folder are downloaded. If the value is false and there is no cache request
XML, the content is processed but no patches are downloaded.
downloadPayload=true or false
cacheRequestFolder
cacheRequestFolder=path/CacheRequest.xml
The cache request XML file is used to limit the downloaded patches to only those for which you obtain
UIDs from the ecm_sysdat_patch_pls table in the VCM database.
Extract the .pls UIDs from the database and create an XML file similar to the one below, then update the
cacheRequestFolder path to the file location.
To obtain the UID of a patch, run the following command where the name is required to find the patch for
the architecture and version, and the identifier is the name of the bulletin to download the patch using the
UID. In this example, the identifier value is RHBA-2007:0622-02.
select name, [uid]
VMware, Inc. 25
from ecm_sysdat_patch_pls
where identifier = 'RHBA-2007:0622-02'
To include the prerequisites for the patch, use the following queries.
select name, [uid],prerequisite_uids
where identifier = 'RHBA-2007:0622-02'
To include the prerequisites for the prerequisite patches, use the following query where {13A7294C-
2D7C-4CA2-AD7D-10592D79C9B9} is a prerequisite for RHBA-2007:0622-02.
select name, prerequisite_uids
where [uid] = '{13A7294C-2D7C-4CA2-AD7D-10592D79C9B9}'
Here is a sample cache request file.

<CacheRequests>
<Request>
<PatchID type="UID">
{8E4D5C21-51A6-43B0-AA63-DBB5B51DD9D2}
</PatchID>
</Request>
<Request>
{DD1A967A-CB04-4C30-A18F-6C46A5568019}
</PatchID>
</Request>
<Request>
{E3A8AF68-58EA-4B71-B6E2-173230C3EF64}
</PatchID>
</Request>
</CacheRequests>
proxyServer
Proxy server IP address.
proxyServer=IP_address
proxyPort
Proxy server port.
proxyPort=port_number
26 VMware, Inc.
proxyUser
User ID for proxy server authentication.
proxyUser=string
proxyPwd
Encrypted password for the proxy server. This password is generated using the lumension_encryptor_
tool.sh script.
proxyPwd=string
tmpDir
Temporary working directory that the AIX patch replication script uses to download and create .tar.gz
files. Although the AIX patches are comprised of files, the SCR Tool and VCM depend on the .tar.gz
files for patch deployment. The patch replication process downloads individual files into /tmpDir, which
are compressed into a .tar.gz file that VCM uses for bulletin information in the deployment script. The
user who runs the SCR Tool must have read and write permissions to this directory.
tmpDir=/tmp/
Certificate
The file containing your RedHat entitlement certificate. This file is created in /etc/pki/entitlement by
subscription-manager when you attach a subscription to your registered RedHat system. The filename of
the certificate varies but is always in the form XXXXXXXXXXXXXXXXXXX.pem where X is a decimal digit. If
there are multiple certificates in this location, you can view their contents with OpenSSL by running
openssl x509 -in cert-file.pem -noout-text, substituting the actual filename of your certificate.
If you attempt to download RedHat 7 RPMs without setting a certificate, the following error message
appears
java.lang.IllegalArgumentException: certificate cannot be null or not a file
For example
certificate=/etc/pki/entitlement/5280746408908734973.pem
privateKey=/etc/pki/entitlement/5280746408908734973-key.pem
The following command is used to register RHEL7 with Red Hat Subscription Management:
subscription-manager register --username <User_Name> --password <Pass_Word> -
-auto-attach
sles12User
sles12User=SCC_ba7……db1
sles12Pwd
sles12Pwd=167…..871
SuSE12 specification
sles12User and sles12 Pwd parameters are required for SLES12 platform.
VMware, Inc. 27
1. New credentials are now needed to access SUSE12 content and is through subscription management at
https://scc.suse.com, the SUSE Customer Center (SCC).
a. Create an account if you do not have one created.
b. Purchase the appropriate subscription (SUSE Enterprise Desktop or Server) from
https://www.suse.com/shop/.
Note: SCC processes new subscription purchases usually within a few days.
c. Register any one SUSE12 host(s) from the host or VM through SUSE Customer Center
Configuration application under YaST Administration Settings. The SCR repository host
registration is not mandatory for SCR executions.
2. Enter subscription credentials in the SCR repository machine at ../conf/suse-rt.properties for
sles12User or sles12Pwd properties.
For example, new Suse-rt.properties:
...
#SUSE12 Customer Center (SCC) Credentials
sles12User=SCC_ba7……db1
sles12Pwd=167…..871
Once you register the SLES12 Hosts to SCC , SCCcredentails file is created under
/etc/zypp/credentials.d/SCCcredentials. Enter appropriate values for sles12User and
sles12Pwd available at /etc/zypp/credentials.d/SCCcredentials.
Connect the VCM Managed Machines to the SCR Tool

To establish communication between the managed machines and the host machine, connect the VCM
managed machines to the SCR Tool.
Procedure
Connect the managed machines to the SCR Tool. You must take this action for each platform type.
n Create a mount point to the respective platform directory on the SCR Tool machine that contains the
patch payload for the platform.
n Use a remote command to mount the VCM managed machine at the time of patch deployment.
n Use a remote command to FTP the files to the managed machine when the patches are deployed.
Set Logging Levels and Output File Names

The SCR Tool provides flexible logging settings and properties to customize your logging levels.
The logging levels and output file names reside in the individual <platform>-rt.properties file for
each platform type.
Table 5–3. Property Files with Logging Levels and Output File Names
AIX scr_root/conf/aix-rt.properties
CentOS scr_root/conf/centos-rt.properties
28 VMware, Inc.
HP-UX scr_root/conf/hp-rt.properties
Mac OS X scr_root/conf/osx-rt.properties
Oracle Enterprise Linux (OEL) scr_root/conf/oracle-rt.properties
Red Hat scr_root/conf/redhat-rt.properties
Solaris scr_root/conf/solaris-rt.properties
SUSE scr_root/conf/suse-rt.properties
You can set the custom logging levels and output file names in these properties files for each run of the
SCR Tool. You can use specific logging parameters for each specific patch distribution.
Procedure
1. Locate and open an individual <platform>-rt.properties file.

2. Set the following properties to the required level of logging.
java.util.logging.FileHandler.level
java.util.logging.ConsoleHandler.level
com.lumension.level
By default, all scripts log data to the same file name pattern at the INFO logging level. The logging
values include several levels.
n SEVERE
n WARNING (valid, but not used)
n INFO (recommended for production)
n CONFIG (valid, but not used)
n FINE (debug)
n FINER (debug)
n FINEST (debug)
3. To customize log file names, change the output java.util.logging.FileHandler.pattern=path
parameter.
VMware, Inc. 29
a. Verify that the java.util.logging.FileHandler.pattern=path entry includes the path.

For example: ../logs/scr-messages-rh-%g.log
b. To generate distinct file names, use special substitution variables.
Variable Description
/ Local path name separator.
%t System temporary directory.
%h Value of the user.home system property.
%g Generated number to distinguish rotated logs.
%u Unique number to resolve conflicts.
%% Translates to a single percent sign %.
4. To select where the log stream is written, change the handlers=handler_name property.
Valid values are written to the file handler log file or the console handler stderr output.
Option Description
java.util.logging.FileHandler If you use this handler, the SCR Tool generates logs
in the file specified in the <platform>-
rt.properties file.
java.util.logging.ConsoleHandler If you use this handler, the SCR Tool generates logs
in the console.
5. To increase or decrease the number of bytes written to the log files before a new log is started, update
the java.util.logging.FileHandler.limit=bytes value.
6. To set the maximum number of log files to retain before overwriting the oldest, update the
java.util.logging.FileHandler.count=log_file_count value.
7. To append logging entries to the last used log file, configure
java.util.logging.FileHandler.append=true.
If the value is false, the SCR Tool writes to a new log file.
30 VMware, Inc.
Managing Patch Content with the SCR
Tool 6
The SCR Tool downloads patch content files from the Content Download Network (CDN), which is
managed by Akamai, the hosted content service provider. The SCR Tool obtains any additional patches
from the AIX (IBM), CentOS, HP-UX, Mac OS X, Oracle Enterprise Linux (OEL), Red Hat, SUSE, and Solaris
vendor Web sites, and saves those patches in your defined directories.
The SCR Tool performs delta downloads. After the first download, successive downloads retrieve only the
differences in patch content that occurred since the last download. When the files download, the patch
source, CDN, vendor, and other information is written to the log files.
IMPORTANT Do not delete the patch signature (.pls) files, because they confirm whether the patches are
available. Patch signature files are stored in the platform subdirectories defined by the property parameter
SCR_output_folder.

Download the Patch Content 31
Schedule Downloads 32
Maintain the Software Content Repository 33
SCR Integration with VCM 33
Download the Patch Content

You download patch content to the SCR Tool machine so that you can deploy the patches to the supported
VCM managed machines.
Prerequisites
n If you run multiple replication processes simultaneously on a single SCR Tool host machine, verify that
the host machine has sufficient memory to support each process. Insufficient memory might cause
errors.
Procedure
1. To specify a schedule to run the shell commands, use a crontab command to run the updated
properties files.
2. From the directory defined as SCR_output_folder, open a terminal session.
3. Run the following commands to interactively track the progress of the download.
date; df -k ; du -k | grep -i Vendor_Name
When the patch download process is finished, use VCM to patch the Linux and UNIX managed machines.
VMware, Inc. 31
Schedule Downloads
You can use OS schedulers, such as cron or at, to automate the process to replicate the patches.
Automating the patch replication process is preferable, because the download process might require you
to run the startup file more than once to retrieve all of the content for a particular vendor.
The SCR Tool does not provide embedded scheduling. If you connect multiple platforms to the same
repository, you must schedule the startup script to run separately for each platform.
Prerequisites
n Complete at least one replication for each operating system before you add the startup script to a
scheduling service. The initial replication might take longer than one day for each operating system.
Procedure
1. On the SCR Tool machine, go to the scr_root/bin directory.

2. Create a file that contains a list of all platforms for which you have a content subscription.
3. Comment out the platforms that are not necessary or for which you do not have a subscription, and
save the file.
4. Use the following command to create a file to schedule the replication download.
vim start_all_nix_replication.sh
5. To replicate all platforms, add the following content to the file, omit entries for unused platforms, and
save the file.
#!/bin/sh
echo Running startup.sh aix-rt

./startup.sh aix-rt
echo Running startup.sh centos-rt
./startup.sh centos-rt
echo Running startup.sh hp-rt

./startup.sh hp-rt
echo Running startup.sh oracle-rt
./startup.sh oracle-rt
echo Running startup.sh osx-rt

./startup.sh osx-rt
echo Running startup.sh redhat-rt
./startup.sh redhat-rt
echo Running startup.sh solaris-rt
./startup.sh solaris-rt
echo Running startup.sh suse-rt
./startup.sh suse-rt
6. Set the mode of the script to executable.
chmod +x start_all_nix_replication.sh.
32 VMware, Inc.
Managing Patch Content with the SCR Tool
7. Change directory to /etc/cron.daily.

8. Use the following command to create a new file.
vim SCR
9. Add the following content to the file to begin the patch replication process, and save the file.
#!/bin/sh
cd scr_root/bin
echo "### Get all new unix content"
./start_all_nix_replication.sh
10. Set the mode of the file to executable.

chmod +x SCR
The script runs daily and synchronizes your patch content.
Maintain the Software Content Repository

You can monitor the log files and activities to maintain the patch repository and its performance.
Prerequisite
n Before you run or schedule patch content downloads, verify that the SCR Tool host machine has
adequate disk space available. See "Selecting and Preparing the Host Machine" on page 9.
Procedure
1. Monitor the size of the log files.

n If you specified a rotation in the log file properties, the log file content does not require cleanup.
n If you did not specify a rotation, you must clean up the log file content so that it does not consume
unnecessary amounts of memory.
2. Review the activities logged in the platform specific property files named <platform>-
rt.properties.
SCR Integration with VCM

To perform patch deployment on different *nix platforms, SCR tool is needed in VCM. SCR tool can be
installed on RHEL6.0x64Server or RHEL7.0x64Server machines depending on the requirements. This
involves making appropriate changes to the VCM Administration Settings under Certificates, Unix
Patching, and Machine Group Settings.
Prerequisite
VCM supports HTTP, HTTPs, File, NFS, and FTP protocol for patch staging. You must configure the SCR
RHEL box with necessary protocol as per your requirement.
Certificate Settings
Add the RHEL machine that has SCR Tool to the VCM licensed UNIX machines, install agent and perform
collection.
VMware, Inc. 33
1. Navigate to Administration > Certificates in VCM after successful collection on the SCR machine.
2. Select the SCR machine and click Change Trust Status. Select Check to trust or untrust the selected
machines. Click Next and then click Finish.
Now the SCR machine is trusted to download the patches.
3. Make this SCR RHEL machine as a patching repository machine. Select the SCR machine and click
Patching Repository. Select the Enable option. Click Next and then click Finish.
Now the SCR machine is marked as the Patching Repository for the VCM Server.
Additional Settings
The following settings have to be modified depending upon the protocol you have configured on the SCR
machine.
Make appropriate changes to the Settings by clicking Edit Setting under Administration > Settings >
General Settings > Patching > Unix > Additional Settings.
1. Default UNIX/Linux Patching repository Path (Point No.11). Path where the SCR will download the
required packages. This is same as the path exposed to the protocol configured on the SCR box.
2. Default UNIX/Linux Patching repository SCR base Path (Point No.12). Base path where SCR is installed
on SCR box.
Patch Staging Settings
These settings are required for VCM to know the Protocol and Repository details that are configured on
the SCR machine.
Make appropriate changes to the Settings as per the protocol used to configure the SCR tool under
Administration > Settings > General Settings > Patching > Unix > Patch Staging.
1. Click Add. Enter the desired name for the setting. Click Next.
2. Select the option Obtain patches from the Patching Repository: (The SCR Machine is displayed
here, which we had marked as Repository machine in Certificates Settings). Click Next.
3. Enter the Repository Path that you have configured to use for your protocol. Repository path is the
path where the user has exposed the default directory for their respective protocol on the SCR
machine.
4. Select the protocol configured on the SCR machine and provide appropriate user credential details
whenever necessary.
Machine Group Settings
Machine Group settings are required to map the machine groups with the protocol information added in
Patch Staging Settings.
1. Create a machine group and add all the target machines that are to be patched under this machine
group.
2. Navigate to Administration > Settings > General Settings > Patching > Machine Group Mapping,
select the machine group that you would want to patch, and click Edit.
3. Select your protocol (that you added in Patch Staging Settings) in the drop down at Source for
Staged Patches. The URL appears with the specific protocol and the repository path. Make sure this
URL is accessible from the target machines that you intend to path.
4. Click Next and then click Finish.
34 VMware, Inc.
Managing Patch Content with the SCR Tool
VMware, Inc. 35
36 VMware, Inc.
Troubleshooting the SCR Tool 7
The SCR Tool troubleshooting information provides procedures to diagnose and fix problems that you
might encounter when you use the SCR Tool or download patch content.
Out of Memory Error 37
Content Download Network Connection Error 38
Cannot Connect to Red Hat Account 38
Session Login to Red Hat Fails 39
Download from Red Hat Fails 39
HP-UX Service Authentication Fails 41
Download from HP Fails 41
Proxy Server Configuration Fails 41
Mismatch in Number of Patches 43
OS Vendor Does Not Accept Credentials 43
OS Vendor Errors 43
Patch Download Errors 44
Obsolete Patches Cause the Download to Fail 45
HTTP Errors Are Not Marked as SEVERE 45
Connection Refused Errors 46
Null Pointer Exception Errors 46
SCR 6.1.21 fails to download patches 47
Out of Memory Error

Insufficient memory on the SCR Tool host machine might cause the SCR Tool to report that the system is
out of memory.
Problem
The SCR Tool reports the error OutofMemoryErrorChange.
Cause
If you run multiple batch files simultaneously on a single SCR Tool host machine, the machine might not
have sufficient RAM to support each process.
VMware, Inc. 37
Solution
Verify that the SCR Tool host machine has enough memory to run the patch replications, or run fewer
concurrent replications. Each patch replication is configured to require between 512 MB of RAM minimum
and 2 GB maximum.
Content Download Network Connection Error

The connection between the SCR Tool and the Content Download Network (CDN) might disconnect
occasionally.
Problem
The SCR Tool cannot connect to the CDN.
Cause
The SCR Tool host machine cannot connect to the Internet.
Solution
1. Verify that the SCR Tool host machine can connect to the Internet.
2. Ping the address of the CDN server, which is contained in the logs.
3. If the ping to the server is not successful, determine whether a host resolution problem exists, or
determine if blocks exist in your firewall, then take the appropriate action to resolve the problem.
Cannot Connect to Red Hat Account

When account information changes for Red Hat, you must resynchronize the Software Content
Repository Tool with the Red Hat repository and update the startup script to use the new account
information.
Problem
The SCR Tool connection to the Red Hat repository fails.
Cause
Red Hat account information changed.
Solution
Synchronize the SCR Tool with the Red Hat repository.

1. Select the SCR Tool output folder and delete all of the SystemId*.xml files.
For example:
cd PatchRepo/Repos/unix
rm SystemId*.xml
The path to the unix folder is located in the properties file, and is defined using the folder=value
parameter. For example: folder=/PatchRepo/Repos.
2. Log in to your Red Hat network content download site.
3. Locate any systems that were created by the SCR Tool whose names begin with redhat-nca*, and
38 VMware, Inc.
Troubleshooting the SCR Tool
delete them.
4. On the SCR Tool host machine, from the scr_root/conf directory, open the properties file and
verify that it is updated with the new username and encrypted password.
5. Run the replication process again.
Session Login to Red Hat Fails

An incorrect entry in the Red Hat .properties file causes the session login from the Software Content
Repository (SCR) Tool to fail.
Problem
When you attempt a patch download from the Red Hat vendor site, the following error occurs.
SEVERE: Failed to establish login session with RHN
Cause
The unix directory is defined in the folder property file parameter in your RedHat-rt.properties
file.
If all entitlements are exhausted, the SCR Tool reports similar errors and additional log messages.
Solution
The property file parameter of folder defines the root folder to store the SCR Tool output.
1. Open the RedHat-rt.properties file and remove the unix directory from the defined folder
property, and save the file.
The entry in the properties file resembles: folder=SCR_output_folder
2. Verify that the user defined in the RedHat-rt.properties file is not a shared user account that is
used on multiple managed machines or by many individuals.
The entry in the properties file resembles: user=string
3. Verify that the SCR Tool host machine is not using native OS tools to update the operating system.
Download from Red Hat Fails

If you change or delete source machine information at Red Hat Network, patch download fails until you
reset the SCR Tool so that the correct source machine information is synchronized with the Red Hat
repository.
Problem
The log in to Red Hat succeeds, but the patch download fails with an error. For example:
FINE: Login Response XML is Server ID = Auth User ID = Auth Server Time =
Auth Expire = Auth = Channel = []
Aug 17, 2011 3:45:19 PM com.lumension.scr.pojo.SCPackage download
FINE: Downloading filegetPackage/mailman-2.1.5.1-34.rhel4.6.i386.rpm
Aug 17, 2011 3:45:19 PM com.lumension.scr.rhn.RHNRPMFile download
FINE: Downloading RPM file /patchRepo/repos2/RedHat/getPackage/mailman-
2.1.5.1-34.rhel4.6.i386.rpm
Aug 17, 2011 3:45:19 PM com.lumension.scr.client.StandaloneSCRepositoryClient
download
SEVERE: Package Download Exception
com.lumension.scr.exception.SCRException: Primary patch file failed download:
VMware, Inc. 39
RHSA-2007:0779-04 getPackage/mailman-2.1.5.1-34.rhel4.6.i386.rpm
at com.lumension.scr.pojo.SCPackage.download(SCPackage.java:472)
at com.lumension.scr.client.StandaloneSCRepositoryClient .download
(StandaloneSCRepositoryClient.java:389)
at com.lumension.scr.client.StandaloneSCRepositoryClient .process
at com.lumension.scr.client.StandaloneSCRepositoryClient .main
Cause
Source machine information was changed or deleted on the Red Hat Network (RHN).
Solution
Resynchronize the SCR Tool with the Red Hat repository.

1. Select the SCR Tool output folder and delete all of the SystemId*.xml files.
For example:
cd PatchRepo/Repos/unix
rm SystemId*.xml
The path to the unix folder is located in the properties file, and is defined using the folder=value
parameter. For example, folder=/PatchRepo/Repos.
2. Run the replication process manually or allow it to run on schedule.
40 VMware, Inc.
HP-UX Service Authentication Fails

The HP-UX service validates authentication through the use of a trusted certificate.
Problem
The HP-UX Software Assistant performs checks for published security issues, installed patches that have
warnings, and missing patches that have critical fixes. The HP-UX Software Assistant checks certificates to
ensure a secure connection. When you use the SCR Tool to download recommended patches, if a trusted
certificate does not exist when the HP-UX Software Assistant validates the connection, the following error
occurs.
Failed to authenticate with HpUx Service
com.lumension.scr.exception.UnableToAccesURL:
javax.net.ssl.SSLHandshakeException:
Cause
A trusted certificate does not exist or a change in HP-UX authentication occurred.
Solution
If you encounter this error with the HP-UX Software Assistant, install a trusted certificate in the key store
based on HP's recommendation. See the online HP information about installing intermediate certificates
for Software Assistant.
To install intermediate certificates for Software Assistant, see http://kb.vmware.com/kb/2051577.
Download from HP Fails

HP-UX downloads require proprietary authentication.
Problem
You cannot access or download patch content from the HP Web site using the SCR Tool.
Cause
A change in HP-UX authentication occurred.
Solution
An internal VMware Knowledge Base article exists. Contact VMware Technical Support to open a service
request, and refer to KB article 2008242.
Proxy Server Configuration Fails

Failure to configure a proxy server properly for platform-specific patch content downloads with the SCR
Tool might generate proxy connection errors.
Problem
When you use the SCR Tool to download patch content for a specific Linux or UNIX platform, the proxy
server configuration fails. The scr_root/logs/scr-messages-0.log file displays a No Proxy
connection error, and the SCR Tool cannot process the request for the platform.
For example:
Mar 12, 2013 6:19:48 AM com.lumension.scr.log.CommonsLogging info
VMware, Inc. 41
INFO: Starting Standalone Repository Client

INFO: Using runtime profile : solariskarl-rt
INFO: System Configuration: ( {keyFile=./vmware.plk, folder=/SCR/download,
platform=SOLARIS, configlog=../logs/Solaris-Config.log,
user=you@yourdomain.com, dependencyCheck=false, program=".", thirdparty=true,
channels=sol10, arch=SPARC, downloadPayload=true, index=VMware57.xml,
cacheResponseFolder=/SCR/bin/../cacherequest,
cacheRequestFolder=/SCR/bin/../cacherequest, checkPayload=true} )
INFO: Decrypting Password
INFO: Creating Repositoryconfig
Mar 12, 2013 6:19:48 AM com.lumension.scr.log.CommonsLogging infoexit
INFO: SunSolve Configuration setup
INFO: Lumension Content Processing begin
INFO: Processing Architecture SPARC
INFO: No Proxy connection
Mar 12, 2013 6:22:57 AM com.lumension.scr.log.CommonsLogging error
SEVERE: Error processing architecture SPARC
Mar 12, 2013 6:22:57 AM com.lumension.scr.log.CommonsLogging error
SEVERE: com.lumension.scr.exception.UnableToProcessContentXMLException:
com.lumension.scr.exception.UnableToAccesURL: java.net.ConnectException:
Connection timed out
INFO: Lumension Content Processing end
INFO: System Configuration: ( {keyFile=./vmware.plk, folder=/SCR/download,
platform=SOLARIS, configlog=../logs/Solaris-Config.log,
user=you@yourdomain.com, dependencyCheck=false, program=".", thirdparty=true,
channels=sol10, arch=SPARC, downloadPayload=true, index=VMware57.xml,
cacheResponseFolder=/SCR/bin/../cacherequest,
cacheRequestFolder=/SCR/bin/../cacherequest, checkPayload=true} )
Cause
The proxy server parameters in the platform-specific properties file are not correct.
42 VMware, Inc.
Solution
Review and correct the proxy server parameters in the properties file used to download patch content for
the Linux or UNIX platform, including the IP address, port, user ID for authentication, and encrypted
password.
Mismatch in Number of Patches

The number of patches on the vendor download site exceeds the number of patches verified by the SCR
Tool host machine.
Problem
A mismatch appears to exist in the number of patches available to the SCR Tool versus the number of
patches listed by the vendor.
Cause
The SCR Tool host machine verifies the security patches recommended by the vendor. Because not all of
the patches on the vendor download site are for security, the patches available to the SCR Tool are a
subset of the total number of patches available.
If a patch signature list (.pls) file was downloaded, but the startup script stopped running before the
payload finished downloading, a true mismatch can occur.
Solution
1. Run the startup script again.

2. If a patch appears to be missing, delete the corresponding .pls file for the missing patch, and
download the content again.
OS Vendor Does Not Accept Credentials

When you attempt to connect to the Content Download Network, the OS vendor does not accept your
login credentials.
Problem
The OS vendor does not accept your credentials.
Cause
Your credentials might be outdated or the password might have changed.
Solution
1. Contact the vendor and verify that your credentials to the vendor's site are valid.
2. Review the content of the /conf/distribution-rt.properties file, and verify that the correct
user is defined.
3. If the password has changed, update the password in the /conf/distribution-rt.properties
file.
OS Vendor Errors
When you attempt to connect to the Content Download Network, the OS vendor download Web site
reports an error.
VMware, Inc. 43
Problem
When you attempt to download patch content, an error occurs on the OS vendor download Web site. For
example:
Mar 24, 2011 3:33:19 PM sun.net.www.protocol.http.HttpURLConnection
getInputStream
FINE: HYPERLINK "mailto:sun.net.www.MessageHeader@1a4e8a118"
sun.net.www.MessageHeader@1a4e8a118 pairs: {null: HTTP/1.1 401 Authorization
Required}{Date: Thu, 24 Mar 2011 21:35:03 GMT}{Server: Apache}{X-RHN-Fault-Code:
-33}
Cause
Errors might occur in the following cases.

n You attempted to use the #channels parameter in a properties file but you are not entitled to use the
command.
n At the time of download, an excessive number of concurrent logins are accessing the OS vendor site.
Solution
n If multiple users in your environment are manually connected to the download Web sites, wait until
they are finished before you connect again.
n Limit user connections to the OS vendor download Web site during patch replication, and restart the
patch replication process.
Patch Download Errors

When you run the startup script, the source of the problem does not appear when an error occurs.
Problem
A failure in the patch download process might occur because of various problems, but the source of the
problem is not obvious. When the patch content downloads, a severe error recorded in the logs might not
indicate an actual error. For example, if the CDN does not have the requested package, the non-entitled
content might display a SEVERE error.
Cause
The patch download process failed, and no message appeared to indicate the cause of the problem.
Solution
1. On the SCR Tool host machine, access the scr_root/logs directory.

2. View the platform specific log file.
3. Check the log file to confirm whether any SEVERE entries are logged.
Various types of errors can occur. For example:
Feb 23, 2011 4:42:45 PM com.lumension.scr.pojo.SCPackage download
SEVERE: Payload file URL to download
http://novell.cdn.lumension.com/novell/aix/ppc/IY76827.tar.gz
Mar 29, 2011 12:59:01 PM com.lumension.scr.util.Utils downloadFromURL
44 VMware, Inc.
SEVERE: com.lumension.scr.exception.UnableToAccesURL: Unable to access URL
4. Use the message results in the log file to resolve the error, then attempt to download the patch content
from the entitled OS vendor site again.
Obsolete Patches Cause the Download to Fail

Solaris patches that are no longer available cause the patch download to fail.
Problem
Solaris patch downloads fail on patches with names that begin with SUN. These errors resemble the
following entries.
n SEVERE: Failed to download payload file
n SEVERE: Payload download
/tmp/SCR/download/payload/solaris/x86/SUN10RPC20110304.zip failed
Cause
Solaris patches with names that begin with SUN are obsolete. This content is no longer provided by the
vendor.
Solution
Ignore errors related to these obsolete patches.
HTTP Errors Are Not Marked as SEVERE

Using the SEVERE error message to troubleshoot HTTP 404/503 errors might cause you to miss the errors.
Problem
HTTP 404/503 errors might be logged as FINE, and do not contain the phrase SEVERE in the message,
which can cause problems when using the SEVERE message to troubleshoot the problem. These error
types resemble the following messages:
Apr 8, 2011 2:20:52 PM com.lumension.scr.rhn.RHNRegister postXMLRPCRequest
FINE: RHN HTTP Response 404
Apr 11, 2011 2:28:29 PM com.lumension.scr.rhn.RHNManager getSession
FINE: Getting RHN session
Cause
These types of errors typically indicate that a problem exists with the connection to the external Red Hat
download site.
Solution
If these HTTP 404/503 response codes occur from the Red Hat download site, attempt to replicate the
patch content later.
VMware, Inc. 45
Connection Refused Errors

A Java error indicates that the connection from the SCR Tool to the vendor download site was refused.
Problem
When you interactively run a replication process, or in the cron logs when you use cron, a Connection
refused error can occur. This type of error resembles the following message.
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at java.net.Socket.connect(Socket.java:478)
at sun.net.NetworkClient.doConnect(NetworkClient.java:163)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:394)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:529)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:233)
at sun.net.www.http.HttpClient.New(HttpClient.java:306)
at sun.net.www.http.HttpClient.New(HttpClient.java:323)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient
(HttpURLConnection.java:970)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect
at sun.net.www.protocol.http.HttpURLConnection.connect
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream
at com.lumension.scr.rhn.RHNRegister.postXMLRPCRequest(RHNRegister.java:435)
at com.lumension.scr.rhn.RHNRegister.loginToRHN(RHNRegister.java:526)
at com.lumension.scr.rhn.RHNManager.getSession(RHNManager.java:82)
at com.lumension.scr.client.StandaloneSCRepositoryClient.download
at com.lumension.scr.client.StandaloneSCRepositoryClient.process
at com.lumension.scr.client.StandaloneSCRepositoryClient.main
Cause
An undetermined number of reasons can cause this error.
Solution
You can typically ignore these errors. The script continues to run and replicate patch data. To verify that
the script continues to run, open the individual <platform>-rt.properties file and view the content
for logged error information.
Null Pointer Exception Errors

An error occurs while the SCR Tool processes the content download request.
46 VMware, Inc.
Problem
When you run a replication process interactively, or in the cron logs when you use cron, a null pointer
error can occur. This type of error resembles the following message.
Apr 8, 2011 8:51:13 PM com.lumension.scr.client.StandaloneSCRepositoryClient
process
SEVERE: Error Processing Content Download Request.
java.lang.NullPointerException
at com.lumension.scr.client.StandaloneSCRepositoryClient.download
at com.lumension.scr.client.StandaloneSCRepositoryClient.process
at com.lumension.scr.client.StandaloneSCRepositoryClient.main
Cause
An undetermined number of reasons can cause this error.
Solution
Restart the replication process to continue downloading the patch content, and use cron to start the script
again the following day and resume replication. If persistent failures continue, log a ticket with VMware
Technical Support.
SCR 6.1.21 fails to download patches

SCR6.1.21 fails to download patches if #channels= is provided in properties file.
Problem
You cannot download patches using SCR 6.1.21 if #channels= is provided in properties file.
Cause
A suitable value is not provided for the #channels= parameter
Solution
Specify all the values for the channel parameters in the respective platforms.
VMware, Inc. 47
48 VMware, Inc.
Index
A
accessing external sites 11 I
agent machines 9 installing 13
C SCR Tool 13
certificates for HP-UX 11, 41 VCM agent 9
checkPayload option 24 J
configure Java
SCR Tool 17 client software application 7
configuring host machine 19 Cryptography Extension 14
connecting to machines 28 Runtime Environment 14
Content Download Network 31 JCE on patching repository 17
custom logging 28 JRE on patching repository 17
D L
directory structure 19 Linux and UNIX replication scripts 21
downloads logging levels 28
delta 31 login session failure to Red Hat 39
HP-UX error 41 M
Java Cryptography Extension 14 Mac OS X payload folders 20
Java Runtime Environment 14 machine connection 28
patch content 31 maintaining the repository 33
patch errors 44 managed machines 9
Red Hat patch error 39 O
schedule 32 OS vendor
SCR patch errors 47 file types 7
E patch content 7
errors output file names 28
CDN 38 P
connection refused 46 parameters for replication scripts 22
HP-UX download 41 password encryptor tool 21
patches
HP service authentication 41
content downloads 31
HTTP connection 45
content growth 11
insufficient memory 37
signature files 19, 31
null pointer 47
UNIX/Linux machines 7
obsolete patches 45
patching
OS vendor 43
JCE on patching repository 17
patch download 44
JRE on patching repository 17
patch mismatch 43
runtime properties files 17
proxy connection 41
payload 19
Red Hat account 38 permissions 20
Red Hat download 39 platforms supported 10
Red Hat login session 39 prerequisites 9
SCR patch download 47 properties files 17
user credentials 43 R
external site access 11 replication scripts 20
H repository 7
host machine maintenance 33
configuration 19 permissions 20
prerequisites 10 root directory 19
supported 10 running as guest 9
runtime properties files for patching 17
HP service authentication 11, 41
S
schedule for downloads 32
VMware, Inc. 49
SCR Tool
configuration 17
scripts
for replication 20
parameters for replication 22
Software Content Repository (SCR) Tool 17
storage prerequisites 10
substitution variables 30
supported host machine 10
supported platforms 10
T
troubleshooting the SCR Tool 37
trusted certificate for HP-UX 41
U
user credentials 11
V
VCM Patching 7
50 VMware, Inc.

Vrealize Configuration Manager 582 Software Content Repository Tool 61 Guide

Uploaded by

Copyright:

Available Formats

Vrealize Configuration Manager 582 Software Content Repository Tool 61 Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Vrealize Configuration Manager 582 Software Content Repository Tool 61 Guide

Uploaded by

Copyright:

Available Formats

Software Content Repository Tool 6.

About This Book 5

Introduction to the Software Content Repository Tool 7

Preparing for SCR Tool Installation 9

Installing the Prerequisite Software for the SCR Tool 13

Configure the SCR Tool 17

Configuring the Red Hat Host Machine 19

Managing Patch Content with the SCR Tool 31

Troubleshooting the SCR Tool 37

Connection Refused Errors 46

Technical Support and Education Resources

Figure 1–1. How to Download Patches with the SCR Tool

Installing the VCM Agent on the Linux and UNIX Machines to be

Selecting and Preparing the Host Machine

Mac OS X 210 GB

Oracle Enterprise Linux (OEL) 80 GB

Establish User Credentials

1. Contact the vendor to obtain a subscription to the patch content.

Place Trusted Certificates in the Key Store

To install intermediate certificates for Software Assistant, see http://kb.vmware.com/kb/2051577.

Verifying Access to External Sites

Table 2–2. Access from SCR Tool to External Sites

All platforms http://*.cdn.lumension.com/

Oracle Enterprise Linux http://public-yum.oracle.com

Red Hat 5 and 6 http://xmlrpc.rhn.redhat.com/XMLRPC

Red Hat 7 https://cdn.redhat.com

Install the SCR Tool Software

1. Access the Download VMware vRealize Configuration Manager Web site at

Download the Java Runtime Environment

n Verify that you can access http://www.java.com.

1. Access the Java Web site.

Test the Java Runtime Environment Installation

1. Verify that the JRE is installed.

Download the Java Cryptography Extension

n Locate the Java SE downloads page at http://www.oracle.com.

1. Locate and download the Java Cryptography Extension.

n Obtain the special bundle of properties files, Sample-SCR-6.1-Properties.tar.gz, at the same

Review the Directory Structure

The SCR Tool downloads patch content based on your established schedule.

1. Open the SCR Tool root directory.

Red Hat 5,6 RedHat/getPackage/

Red Hat 7 RedHat/rpm/

Grant Permission to the Repository

1. Go to the scr_root directory on the host machine.

Update the Properties Files

Platform Properties File Name

Oracle Enterprise Linux (OEL) scr_root/conf/oracle-rt.properties

Red Hat scr_root/conf/redhat-rt.properties

2. Create an encrypted password.

Properties File Parameters

LINUX CENTOS X86, X86_64

HP_UX PA_RISC, ITANIUM

LINUX ORACLE X86, X86_64

OSX X86, PPC

LINUX REDHAT X86, X86_64

LINUX SUSE X86, X86_64

SOLARIS X86, SPARC

For example, for Red Hat: channels=es-4,server-5

CentOS cent5, cent6, cent7