tivoliap.dll is the Tivoli Authentication Package that allows the Tivoli applications to run setui methods. Ensure that the "tmerservd" and "BuiltinNTAdministrator" accounts have the following Local User Rights:
Bypass traverse Checking for tmersrvd.
Log on Locally right for tmersrvd.
Act as part of the OS for Tivoli_Admin_Privileges.
Increase Quotas for Tivoli_Admin_Privileges.
Replace a process level Token for Tivoli_Admin_Privileges.
Also check:
tmersrvd account is not disabled.
The Local Administrator account (BuiltinNTAdministrator, regardless of its current name if renamed) is in Tivoli_Admin_Privileges.
TivoliAP.dll exists in %System32%.
tmersrvd has read/execute rights to TivoliAP.dll
tmersrvd has read/execute rights to %system32%
tmersrvd has read/execute rights to %systemroot%/tivoli and propogated to all subdirectories
tmersrvd has full rights to %lcfroot%.
To check if TivoliAP.DLL loaded and activated correctly, do:
1. Start cmd.exe on the local console of the endpoint box
2. cd <disk>:\Admin\Tivoli\lcf\dat\1 or <disk>:\Program Files\Tivoli\lcf\dat\1 or <disk>:\winnt\Tivoli\lcf\1
1. Run lcf_env.cmd or lcf_env.sh. This will source the Endpoint's environment first
2. Run wlcftap (you may need to add this to the path or run it directly from it's location). This will check to see if TAP is enabled. If the following results are not returned , the TRAA has not been configured, or activated.
1
13
1
Thu Mar 15 14:15:10 2001
(null)\(null)
wlcftap is located in %lcf_bindir% (i.e. <disk>:\Admin\Tivoli\lcf\bin\w32-ix86\mrt or <disk>:\Profram Files\Tivoli\lcf\bin\w32-ix86\mrt)
run wlcftap if the error is access denied run wlcftap -r "" this will normally fix this error if all the above are correct. If wlcftap returns "Authorization Pacakge is Unknown" the box requires a reboot.
If it does not return an error, then the settings are fine.
Loran Swymer
SwymerL@wr.disa.mil
