APAR status
Closed as documentation error.
Error description
Current IBM AD Documentation is not clear regarding which credentials are used by IBM AD Services running on the server, and exactly which tasks they must be able to perform. Specifically, since the IBM AD services are created with the Log On ID being set to Local System account, the server's machine name is used as the ID (with no password) when trying to access certain file resources. If the file resources are on a remote drive, or one accessed with a UNC path, the access may fail unless additional permission has been given for the machine name of the server. Alternately, a 'service' user account can be created and assigned as the Log On ID for the IBM AD services, and that service account can be given the necessary permissions to the shared locations that the various services will need.
Local fix
If using remote (not local to the IBM AD server OS instance) locations for storing IBM AD resources, such as project folders, indexes, etc., a 'service' user account can be created and assigned as the Log On ID for the IBM AD services, and that service account can be given the necessary permissions to the shared locations that the various services will need.
Problem summary
https://www.ibm.com/support/knowledgecenter/SSRR9Q_5.1.0/IBM_AD_ Installation_and_Configuration_Guide_OUT_KC/user_access.html was missing information regarding how AD services' credentials were used, which caused access issues in some environments.
Problem conclusion
IBM AD Knowledge Center page https://www.ibm.com/support/knowledgecenter/SSRR9Q_5.1.0/IBM_AD_ Installation_and_Configuration_Guide_OUT_KC/user_access.html was updated with additional explanatory information about this topic.
Temporary fix
Comments
APAR Information
APAR number
PH23335
Reported component name
APPL DISCOVERY
Reported component ID
5737B1600
Reported release
510
Status
CLOSED DOC
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-03-16
Closed date
2020-07-08
Last modified date
2020-07-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSRR9Q","label":"IBM Application Discovery for IBM Z"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"510","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
09 July 2020