hewlett-packard
sa3000 series
vpn client deployment tool
release notes
Hewlett-Packard Company
HP: 5971-0887
P/N: A01445-003
March 2001
Disclaimer
Information in this document is provided in connection with
Hewlett-Packard Company products. No license, express or
implied, by estoppel or otherwise, to any intellectual property
rights is granted by this document. Except as provided in
Hewlett-Packard Company’s Terms and Conditions of Sale for
such products, Hewlett-Packard Company assumes no liability
whatsoever, and Hewlett-Packard Company disclaims any
express or implied warranty, relating to sale and/or use of
Hewlett-Packard Company products including liability or
warranties relating to fitness for a particular purpose,
merchantability, or infringement of a ny patent, copyright or
other intellectual property right. Hewlett-Packard Company
products are not intended for use in medical, life saving, or life
sustaining applications.
Hewlett-Packard Company may make changes to specifications
and product descriptions at any time, without notice.
The Hewlett-Packard SA3000 Series VPN Client Deployment
Tool Release Notes as well as the software described in it is
furnished under license and may only be used or copied in
accordance with the terms of the license. The information in this
manual is furnished for informational use only, is subject to
change without notice, and should not be construed as a
commitment by Hewlett-Packard Company. Hewlett-Packard
Company assumes no responsibility or liability for any errors or
inaccuracies that may appear in this document or any software
that may be provided in association with this document.
Except as permitted by such license, no part of this document
may be reproduced, stored in a retrieval system, or transmitted in
any form or by any means without the express written consent of
Hewlett-Packard Company.
Copyright © Hewlett-Packard Company 2001.
2 Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes
Contents
DISCLAIMER...........................................................................................................................2
INTRODUCTION.....................................................................................................................5
SUPPORTED FEATURES.......................................................................................................6
HARDWARE, SOFTWARE, AND SERVICES REQUIREMENTS ......................................7
ARDWARE
H
OFTWARE
S
ERVICES
S
SUPPORTED CONFIGURATIONS........................................................................................8
INGLE COMPUTER CONFIGURATION
S
ULTIPLE COMPUTER CONFIGURATION
M
SPECIAL CONSIDERATIONS...............................................................................................9
SING THE
U
ERVER
S
SING ONLINE HELP
U
VPN C
EDEPLOY OR WITHDRAW PREVIOUS DEPLOYMENTS
R
VPN C
OLLING A SPECIFIC DEVICE
P
ULTIPLE
M
LAT TEXT FILE IMPORT OF USERS
F
VPN C
MPORT FILE CANNOT CONTAIN EMPTY LINES
I
KNOWN PROBLEMS ............................................................................................................13
IDEO CARD CONFIGURATION AND THE
V
ULTIPROCESSOR CONFIGURATIONS NOT SUPPORTED ISSUE
M
VPN C
VPN C
PEN
O
UTOLOGON PASSWORD NOT REINITIALIZED AFTER MULTIPLE DEPLOYMENTS
A
UTOLOGON PASSWORD SUPPRESSES PICK LIST
A
SER NOT PROMPTED FOR AUTHENTICATION PASSWORD
U
UTHENTICATION SETTINGS DISTORTED
A
INIMIZE/MAXIMIZE PROBLEM
M
IELDS TRUNCATED WITHOUT NOTICE
F
ECURING PASSWORDS
S
UNNEL WINDOW PROTOCOL AND PORT NUMBER FIELD INTERACTION
T
UPLICATED DATA NOT DETECTED
D
..............................................................................................................................7
...............................................................................................................................7
.................................................................................................................................7
.........................................................................................8
....................................................................................8
LIENT DEPLOYMENT TOOL ON A JAPANESE WINDOWS
VPN C
....................................................................................................................................9
................................................................................................................9
LIENT DEPLOYMENT TOOL MANAGER AND PRODUCT INSTALLATION UTILITY
................................................................10
LIENT DEPLOYMENT TOOL MANAGER LOGIN ACCOUNT AND SETPASSWORD COMMAND
...................................................................................................11
LIENT DEPLOYMENT TOOL MANAGERS
VPN C
.........................................................................................11
LIENT UPDATES FOR WINDOWS
LIENT INSTALLATION FORCES USER TO DOUBLE CLICK EXECUTABLE TWICE
LIENT DEPLOYMENT TOOL MANAGER DOES NOT READ PRODUCT INSTALLATION WHILE
.....................................................................................................................................13
...............................................................................................15
...........................................................................................................15
........................................................................................16
SERS
NT U
.........................................................................12
LIENT DEPLOYMENT TOOL MANAGER
VPN C
......................................................................14
.................................................................................14
...................................................................................15
.........................................................11
...................................................................12
...................................................13
........................................................14
OR WINDOWS
NT
.........................14
....................................15
2000
..................10
...10
...............13
..................13
Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes 3
ERVLET INSTALLATION ON WINDOWS
S
ANCELING A DEPLOYMENT DOWNLOAD FROM THE WEB SERVER
C
TROUBLESHOOTING..........................................................................................................17
NT W
ORKSTATION
........................................................16
............................................16
REMOVING THE VPN CLIENT DEPLOYMENT TOOL....................................................18
4 Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes
Introduction
The Hewlett-Packard SA3000 Series VPN Client Deployment
Tool allows you to deploy software and configuration
information to a large number of users.
These release notes describe the features, special considerations,
and known problems of this release of VPN Client Deployment
Tool.
In particular, there are sections covering:
• Supported Features
• What’s new?
• Hardware, software, and services requ i rem ents
• Special co nsiderations
• Known problems
• Troubleshooting
• Removing the VPN Client Deployment Tool
Note: For information on installation see the Hewlett-Packard
SA3000 Series VPN Client Deployment Tool Getting Started
Guide.
Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes 5
Supported Features
The VPN Client Deployment Tool allows you to deploy
software and configuration information to a large number of
users. Specifically, it allows you to:
• Collect device, tunnel, client, product, user, and
corporation information and store it in a database
• Generate a user or group list from which entries are
selected for the deployment process
• Validate the selected user entries for deployment
• Create configura tion files and bundle them wi th the
VPN Client software for deployment to validated users
• Distribute deployment notifica tions by e-mail
The VPN Client Deployment Tool consists of the following
components:
• VPN Client Deployment Tool Manager
• VPN Client Deployment Tool Database
• VPN Client Deployment Tool Servlet
For more information on the VPN Client Deployment Tool, see
the Hewlett-Packard SA3000 Series VPN Client Deployment
Tool Getting Started Guide and the application’s online Help.
6 Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes
Hardware, Software, and Serv ice s
Requirements
The following lists contain the hardware and software
components required for this release.
Hardware
The VPN Client Deployment Tool needs the following
minimum hardware specifications:
• PC with Intel Pentium II 266-MHz processor
performance level
• 64-MB RAM (128 MB recommended)
• 200-MB free hard-disk space
• 1024x768 screen resolution
Software
The VPN Client Deployment Tool supports the following
platforms:
• The VPN Client Deployment Tool Manager and
Database run on Windows NT Workstation 4.0 with
Service Pack 5 or Windows 2000 Professional.
• The VPN Client Deployment Tool Servlet runs on
Windows NT Server 4.0 with a minimum Service Pack
5 and Option Pack 4.0 installed or Windows 2000
Server.
Services
VPN Client Deployment Tool requires the following services:
• Internet Information Serv er (IIS) 4.0
• IIS/FTP (File Transfer Protocol) server
• An SMTP (Simple Mail Transfe r Pr otocol) server
Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes 7
Supported Configurations
Supported configurations of the VPN Client Deployment Tool
include a single and multiple computer configuration.
Single Computer Configuration
The single computer configuration involves having both the
VPN Client Deployment Tool Manager, Database, and Servlet
running on the same system (Windows NT Server running IIS or
Windows 2000 Server). See “Hardware, Software, and Ser v ices
Requirements” earlier in this document for the recommended
minimum system configuration.
Multiple Computer Configuration
The multiple computer configuration involves having the VPN
Client Deployment Tool Manager and Database running on one
computer and the VPN Client Deployment Tool Servlet running
on another (Windows NT or Windows 2000 Servers running
IIS). The S erv let computer must have TC P/IP access to the
database computer. If there is a firewall between the Servlet
computer and the Manager/Databa se comput e r, it must permit
the Servlet to access the database using a TCP port. By default
this is port 2638.
See “Hardware, S of t ware, an d Services Requirements” earlier in
this document for the recommended minimum system
configuration.
8 Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes
Special Considerations
This section lists special considerations you should be aware of
for the VPN Client Deployment Tool.
Using the VPN Client Deployment Tool on a
Japanese Windows NT or Windows 2000
Server
The VPN Client Deployment Tool d oes not run on a Japanese
Windows NT or Windows 2000 Server unless you do the
following:
1. Change the cont ents of the start ma nager.bat file to read:
"..\JRE\1.2.2\bin\javaw.exe" -
Xbootclasspath:"..\JRE\1.2.2\lib\rt.jar;
..\JRE\1.2.2\lib\i18n.jar" -cp
"..\SMDT\smdt.jar"
com.shiva.nm.smdt.mdmanager.MDManager
127.0.0.1
Note: The IP address at the end of the path may differ for
your setup.
2. Next, alter the propertie s of the "Sta r t Mana ge r " shortc ut so
that the "Target:" field points to this batch file in the VPN
Client Deployment Tool directory. For example:
"E:\Program Files\HP SA3000 VPN\VPN
Client Deployment Tool\smdt\start
manager.bat"
3. To avoid seeing the unnecessary DOS box... change the
"Run:" drop down menu in the shortcut to "Minimized"
After making these changes, the VPN Client Deployment Tool
should work on a Japanese server.
Using Online Help
You cannot use the F1 key to in itiate online Help. Instead,
access Help by clicking the Help button on the main window.
Accessing Help using this method starts the Help Viewer.
Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes 9
Note: If, while running the program, you cannot access Help,
check that you do not have the Help Viewer open and
minimized.
VPN Client Deployment Tool Manager and
Product Installation Utility
If any users are logged in to the VPN Client Deployment Tool
Manager while the Pr oduc t Insta llation Utility is running, the
Manager does not immediately display the updated product
codes. You must reopen the manager for the product codes to be
visible in the Product Profiles tab.
Redeploy or Withdraw Previous Deployments
Some users may receive errors when logging in to the VPN
Client Deployment Tool’s Web server and attempting to
download deployments.
Either retract previous deployments using the Withdraw button
on the Deployment window or deploy new configurations to
your users immediately.
VPN Client Deployment Tool Manager Login
Account and Setpassword Command
More than one login account can now be created using the
setpassword command. The setpassword command can
also be used to delete an operator, except for admin.
The setpassword command uses both user name and password
parameters, to add, update, and delete login accounts.
setpassword <username> <password>
or
setpassword –d username
Examples of a correctly formatted command-line entries appear
as follows:
• To add a new operator:
setpassword john mysecret
• To update a password
10 Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes
setpassword john mynewsecret
• To delete a password, use the –d switch:
setpassword –d john
Note: The user name and password are case sensitive.
Polling a Specific Device
The VPN Client Deployment Tool does not allow you to select a
subset of one or more devices to be polled over a specific time
period. Each time you click Poll Devices, all devices that have
been configured for polling are polled. To prevent one or more
devices from being polled, clear the Device can be polled check
box for each devices in the Devices window that you want to
affect.
Multiple VPN Client Deployment Tool
Managers
If you want to run more than one VPN Client Deployment Tool
database on the same LA N , you must modify the Sybase
database name of one of the installations.
To modify the database name of an VPN Client Deployment
Tool Database installation:
Edit the configuration file C:\Program Files\HP SA3000
VPN\VPN Client Deployment Tool\smdt\vcdtdb.txt on the
computer on which you installed the VPN Client Deployment
Tool Manager. Edit the line reading -n smdt_db to replace
smdt_db with a different, unique database na me , such as
smdt_db2 or smdt_db<hostname>.
Save the updated file. The new data base name takes ef f e c t when
you next boot the server or when you stop and restart the
Adaptive Server Anywhere – VCDT service
Flat Text File Import of Users
When importing a large number of users in a flat text file (for
example, gr eat er than 2,000), you may receive an Out of
Memory Exception. This renders the VPN Client Deployment
Tool Manager inoperable, even though buttons may appear
active.
Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes 11
Users in excess of 2,000 should be imported in one or more
smaller text files to avoid this condition.
VPN Client Update s for Windows NT Users
When the VPN Client is deployed and downloaded by Windows
95/98 users, the update happens automatically. However,
Windows NT and Windows 2000 users must remove the VPN
Client manually, restart their computers, and then install the
update.
Import File Cannot Contain Empty Lines
When you are creating an import file, ensure that there are no
empty lines contained within it. If empty lines are detected, no
error is reported.
12 Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes
Known Problems
This section lists known problems with this release of VPN
Client Deployment Tool.
Video Card Configuration and the VPN Client
Deployment T ool Manager
An exception may occur when the VPN Client Deployment Tool
Manager is running on a computer with a video card that is
configured to use a resolution of 32,768 colors. Changing the
color resolution to another value such as 256, 65536, or 24-bit
(true-color ) e liminates the problem.
Multiprocessor Configurations Not Supported
Issue
Compatibility problems have been reported with third-party
components used by VPN Client Deployment Tool on some
multiprocessor computers. The VPN Client Deployment Tool is
not certified for use in multiprocessor configurations.
VPN Client Installation Forces User to Double
Click Executable Twice
When a user downloads the VPNClient.exe f ile and doubleclicks it, the file extracts all client setup files to the correct
directory. However, in some cases the client setup does not
continue.
To restart the client setup, browse to the directory where the
client setup files are located and double-click the client setup.exe
file to complete the pr oc e ss.
VPN Client Deployment Tool Manager Does
Not Read Product Installation While Open
The VPN Client Deployment Tool Manager does not accept the
product installation from the Product Installation Utility when
the Manager is open. You must install the VPN Client product
Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes 13
when the Manager is closed. Open the manager again for the
product code to be visible in the Product Profiles tab.
Autologon Password Not Reinitialized After
Multiple Deployments
If you deploy an autologon password to users in a client profile,
and then deploy another client profile to the same users with no
autologon password set, the autologon password does not get
reinitialized in the registry. This is a VPN Client installation
limitation.
This option works correctly if you deploy to users multiple times
and use different autologon passwords.
Autologon Password Suppresses Pick List
Setting the autologon password in the VPN Client Deployment
Tool Manager and then initiating a deployment of the VPN
Client causes the default path in the registry to point to the
vpnuser.ini file rather tha n to the .vpc file. This causes the
incorrect profile to be chosen.
To workaround this problem, delete the user in the
<drive>:\Program Files\HP SA3000 VPN
Client\VPN Client directory, and then remove the VPN
Client. Then you must redeploy the same user, making sure that
autologon password is not set in the users panel. After deploying
and downloading the VPN Client, reboot your computer.
User Not Prompted for Authentication
Password
When using the Authentication password setting for a VPN
Client logon, you are not prompted for an Authentication
password. The main window of the VPN Client appears instead.
Authentication Settings Distorted
In the Users window, the authentication settings can become
distorted under the following two conditions:
1. If 800x600 resolution is used, the distortion exists in both
minimized and maximized windows.
14 Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes
2. If resolution higher than 800x600 is used, the distortion only
occurs when the window is minimized.
If possible, adjust the VPN Clie nt Deployment Tool Manager
window to a resolution of greater than 800x600.
Minimize/Maximize Problem
If you minimize VPN Client Deployment Tool from any
window with either the Java cup icon or the Minimize button
and then right-click the systray icon to maximize the application
again, the title bar expands to maximum size, but the application
window retains its previous size.
Fields T runcated Without Notice
If you exceed the maximum allowable characters for certain
VPN Client Deployment Tool Manager fields in the Devices and
Tunnels windows, the value is truncated at the maximum
number of characters, but no error message or notic e is
generated.
Effected fields include:
• Login name (Devices window) — 15 characters
maximum
• Login password (Devices window) — 15 characters
maximum
• Challenge Phrase (Tunnels window) — 16 characters
maximum
Securing Passwords
The device, tunnel, and authentication passwords that you enter
into the VPN Client Deployment Tool Database are not
protected from unauth orized access. Restrict access to the
database and any database backups to prevent unauthorized
access to these passwords.
T unnel Window Protocol and Port Number
Field Interaction
Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes 15
In the Tunnel Window, if the Protocol field is set from UDP to
99, the Port field does not gray out until you press the Save
button.
Duplicated Data Not Detected
If you enter duplicate data, the VPN Client Deployment Tool
only detects it in the Client Profile window by presenting you
with a message.
Servlet Installation on Windows NT
Workstation
If you try to install the VPN Client Deployment Tool Servlet on
a Windows NT Workstation, you may do so without seeing any
error messages. However, the VPN Client Deployment Tool
requires Micro soft IIS 4.0, which only runs on Windows NT
Server 4.0.
Canceling a Deployment Download From the
Web Server
When a deployment download from the VPN Client Deployment
Tool Web server/servlet is canceled, the VPNClie nt.zip bundled
file is not removed from the hard drive of the computer on which
the Web server is installe d. For example, look in <web server
drive letter>:\InetPub\ftproot\smdt directory for folders that are
numbered and delete them.
16 Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes
Troubleshooting
After you set up and configure your VPN Client Deployment
Tool Manager, some users may not be able to download and
install VPN clients.
Note: Write down all the error messages duri ng any
troubleshooting sessions.
Use the following steps to troubleshoot your VPN Client
Deployment Tool:
1. Check all the fields in your Users window to make sure all
of them are properly filled out. If you have an invalid e-mail
address, you may not be able to deploy.
2. In the Services control panel of your Windows NT 4.0
Server, ensure that the following services are properly
installed and running:
• IIS (version 4)
• Web server
• FTP service (There is no need to install SMTP if you
have an alternate SMTP server available.)
3. If all the previous steps failed, reboot your Windows NT 4.0
Server computer and try again.
Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes 17
Removing the VPN Client
Deploymen t Tool
If you choose to remove the VPN Client Deployme nt Tool from
your computer, you must do the following.
Note: The following procedure also applies to Windows 2000
Server.
Steps
To remove the VPN Client Deployment Tool Manager and
Servlet:
1. Exit the VPN Client Deployment Tool Manager.
2. Stop all other running Windows applications.
3. Th e Adaptive Server Anyw here – VCDT Service (database)
and the VCDT Web Server (JRun) are installed as services
and must be stopped in the Service Control Panel. From the
Services Control Panel, double-click Services.
The Windows Services dialog box appears.
4. Stop the Adaptive Server Anywhere - VCDT service and
VCDT Web Server by selecting each service and clicking
Stop.
5. Stop IIS Admin Service, which also stops the FTP, SMTP,
and Web server services of IIS.
6. Create a temporary directory and copy your database files to
this safe place that will not be affected by the removal
procedure (for example, c:\tempdir). The database file is
called smdt.db and is located in \Program Files\HP
SA3000 VPN\VPN Client Deployment
Tool\smdt\ .
7. Remove JRun from your computer by going to an MS-DOS
Command Prompt and using the cd (change directory)
command to change to <drive letter>:/Jrun. (For
example, t y p e cd c:\jrun). This is the directory where
JRun is installed.
8. Type cd bin to change to the bin subdirectory.
18 Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes
9. Type jsm -r jsm-default. (This removes the
NT/2000 service.)
10. In the Window s Contro l Panel, click Add /Remove
Programs to remove each of the each of the following VPN
Client Deployment Tool components:
• VPN Client Deployment Tool Servlet (when you
remove this, both the servlet and the rest of the JRun
files are removed)
• VPN Client Deployment Tool Manager
Note: The VPN Client Deployment Tool Manager and
Database components could be installed on separate devices
from the VPN Client Deployment Tool Se rv let components.
11. Delete the following files and folders (if they exist):
• c:\Inetpub\ftproot\smdt
• c:\Inetpub\wwwroot\smdt
• c:\Inetpub\scripts\jrun.dll
• c:\Inetpub\scripts\jrun.ini
• c:\Inetpub\scripts\jrun*.log
• c:\JRun
• c:\Program Files\HP SA3000 VPN\VPN Client
Deployment Tool\smdt
12. Restart the computer.
If you plan to reinstall the same release of the VPN Client
Deployment Tool, do not empty the Recycle Bin until the
reinstallation is successfully completed.
Hewlett-Packard SA3000 Series VPN Client Deployment Tool Release Notes 19
Loading...