Contents
- 1 Configuration Server Section
- 1.1 allow-empty-password
- 1.2 allow-external-empty-password
- 1.3 allow-mixed-encoding
- 1.4 cfglib-connect-tmout
- 1.5 client-connect-timeout
- 1.6 client-record-sync-timeout
- 1.7 client-response-timeout
- 1.8 dbthread
- 1.9 decryption-key
- 1.10 delay-reload-backup
- 1.11 disable-vag-calculation
- 1.12 decryption-padding
- 1.13 enable-pre-812-security
- 1.14 encoding
- 1.15 encryption
- 1.16 fix_cs_version_7x
- 1.17 force-md5
- 1.18 langid
- 1.19 last-login
- 1.20 last-login-synchronization
- 1.21 locale
- 1.22 management-port
- 1.23 max-client-output-queue-size
- 1.24 max-output-queue-size
- 1.25 multi-languages
- 1.26 objects-cache
- 1.27 packet-size
- 1.28 password-change
- 1.29 peer-switchover-tmout
- 1.30 port
- 1.31 primary-master-response-timeout
- 1.32 primary-startup-tmout
- 1.33 session-restore-auth
- 1.34 server
- 1.35 upgrade-mode
- 1.36 Configuring ADDP Between Primary and Backup Configuration Servers
Configuration Server Section
This section contains the configuration options of Configuration Server. The name of the section depends on the name of the Configuration Server Application object. On the first Configuration Server (named confserv), this section is named confserv. On other Configuration Servers being installed, this section has the same name as the Configuration Server object.
allow-empty-password
Default Value: true
Valid Values: true, false
Changes Take Effect: Immediately
Specifies whether Configuration Server allows an empty (blank) password in a client connection request. If the option is set to false and the password in a request is not specified, Configuration Server rejects the request and generates a corresponding error message.
Genesys strongly recommends that you use password-min-length instead of allow-empty-password. The latter has been provided only for purposes of backward compatibility.
Refer to the User Passwords section of the Genesys Security Deployment Guide for more information about this option and how to use it.
allow-external-empty-password
Default Value: true
Valid Values: true, false
Changes Take Effect: Immediately
This option is used only if external authentication is being used.
Specifies whether Configuration Server allows an empty (blank) password in a client connection request when these requests are authenticated externally. When set to true (default), Configuration Server will permit an unspecified password in an externally authenticated request.
If the option is set to false and the password in a request is not specified, Configuration Server rejects the request and generates a corresponding error message, regardless of the value of the two other options.
Refer to the User Passwords section of the Genesys Security Deployment Guide for more information about this option and how to use it.
allow-mixed-encoding
Default Value: false
Valid Values: true, false
Changes Take Effect: After restart
Specifies if Configuration Server checks if the encoding of user interface client applications at client registration matches the current encoding of Configuration Server. If set to false (the default), only those interface clients with the same encoding mode can connect to Configuration Server. If set to true, Configuration Server will not check, and the interface client can connect to Configuration Server regardless of its encoding mode.
cfglib-connect-tmout
Default Value: 20
Valid Values: Any integer from 0 to 65536 seconds
Changes Take Effect: After restart
Sets a timeout (in seconds) for this instance of Configuration Server to expect a TCP success or failure response from the remote Configuration Server to which it is connecting. If the connection has not been made when the timeout expires, all pending connection requests are cancelled.
When set to 0 (zero), this timeout is disabled.
The value of this parameter overrides that of the -cfglib-connect-tmout command-line parameter.
client-connect-timeout
Default Value: 40
Valid Values: Any positive integer from 1 to 65536
Changes Take Effect: After restart
Specifies the client connection timeout. The client should be authenticated before this timeout expires.
client-record-sync-timeout
Default Value: 0
Valid Values: Any positive integer from 0 to 20
Changes Take Effect: Immediately
Specifies a duration in seconds during which client records from Configuration Server (primary) or Configuration Server Proxy (primary) will be synched to their corresponding Backup Configuration Server in scenarios of switchover or shutdown in primary Configuration Server.
client-response-timeout
Default Value: 600
Valid Values: Positive integer up to 86400 (24 hours)
Changes Take Effect: Immediately
Limits the time, in seconds, during which Configuration Server retains prepared unsent data in its memory. If this timeout expires and the data is still unsent, Configuration Server disconnects the client and discards all the data related to it.
dbthread
Default Value: true
Valid Values: true, false
true | Uses internal database thread. This is the preferred method. |
false | Uses separate DB Server, as in releases prior to 8.5. |
Changes Take Effect: After restart
Specifies how Configuration Server accesses the Configuration Database.
If set to true, Configuration Server attempts to launch a database client process locally using the options specified in the Configuration Database section, but not the host and port options. This is the preferred method of accessing a database.
If set to false, Configuration Server attempts to use a remote DB Server, as specified in the Configuration Database section, including the host and port options. This was the only way to access a database in releases prior to 8.5. Genesys recommends that you use this method only with older Genesys applications.
decryption-key
Default Value: No default value
Valid Values: Valid path to decryption file
Changes Take Effect: After restart
Specifies the path to an external .pem file containing the RSA key used for decrypting the password to the Configuration Database. The presence of this option, plus encryption set to true, indicates that the password was encoded using an asymmetric algorithm, with an encryption key from an external file.
Configuration Server creates or updates the value of this option if the -keys parameter is specified in the command-line at startup.
- This option is set automatically by Configuration Server. Do not change the value of this option manually, except in the following circumstance.
- If you want to switch back to using an unencrypted Configuration password, set the value of this option to empty (no value) and set the encryption option to false, then manually enter the unencrypted password into the Configuration Server configuration file. Note: You must have Write access to the Configuration Server configuration file to do this.
- If you then want to revert back to using symmetric encryption, set the value of this option to empty (no value), and restart Configuration Server from the command line using the -p <name of Configuration Database section> <password> parameter.
delay-reload-backup
Default Value: 0
Valid Values: 0 or any positive integer
Changes Take Effect: For the next reconnect to the master
Specifies the reload delay period (in seconds) for the backup Configuration Server Proxies or the master Configuration Server running in the backup mode. You can specify a higher delay period for the backup Configuration Server proxies to ease the load on the master Configuration Server after network outages when multiple clients need to reload data at the same time.
The configured reload delay period applies to the master Configuration Server when it needs to reload data while running in the backup mode or after being switched to backup mode upon a switchover.
This option does not delay initial data load after Configuration Server restart and it does not delay the attempt to restore the previous session to the master Configuration Server. This option takes effect only if an attempt to restore the previous session with the master Configuration Server fails.
disable-vag-calculation
Default Value: false
Valid Values: true, false
Changes Take Effect: After restart
Specifies whether Configuration Server calculates Virtual Agent Groups for existing and newly-created objects for the application in which it is configured.
To manage the calculation of Virtual Agent Groups by primary and backup Configuration Servers before and after switchovers, add this option to both the primary and backup Configuration Servers, in the sections with the same name as the corresponding Application objects. If this option is set to true, Configuration Server does not calculate Virtual Agent Groups for existing and newly-created objects.
decryption-padding
Default: If the password is encrypted, PKCS 1 padding is used
Valid Value: OAEP - password is encrypted using OAEP padding
Changes Take Effect: After restart
The presence of this option, together with encryption set to true and decryption-key options, indicates that the configuration database password is encrypted using an asymmetric algorithm with OAEP padding. Configuration Server creates or updates the value of this option when the password is encrypted as described in the section Encrypting the Configuration Database Password of the Management Framework Deployment Guide.
enable-pre-812-security
Default Value: false
Valid Values: false, true
Changes Take Effect: Immediately
If set to true, this option restores pre-8.1.2 security behavior as follows:
- Enables a user, who does not have Change permission on a folder, to move objects from that folder to another location.
- Enables a user, who does not have Change Permissions permission on an object, to change the object’s permissions implicitly by moving the object with inherited permissions between folders with different permission.
If set to false (the default), both actions are disabled.
encoding
Default Value: UTF-8
Valid Values: UTF-8, UTF-16, ASCII, ISO-8859-1, ISO-8859-2, ISO-8859-3, ISO-8859-4, ISO-8859-5, ISO-8859-6, ISO-8859-7, ISO-8859-8, ISO-8859-9, ebcdic-cp-us, ibm1140, gb2312, Big5, koi8-r, Shift_JIS, euc-kr
Changes Take Effect: After restart
Sets the UCS (Universal Character Set) transformation format (such as UTF-8, UTF-16, Shift_JIS, and so on) that Configuration Server uses when exporting configuration data into an XML (Extensible Markup Language) file. The Configuration Import Wizard (CIW) must initiate the export operation. If the operating system settings do not support the specified value, Configuration Server uses the default value.
Specify the UTF-8 encoding format unless you are using wide-character codesets (such as Chinese, Japanese, Korean).
encryption
Default Value: false
Valid Values: true, false
Changes Take Effect: After restart
When set to true, the values of the password options in all Configuration Database sections are interpreted as being encrypted. Configuration Server decrypts the value when reading its configuration file at startup, accesses the Configuration Database using the decrypted value, and prints an encrypted string of characters as the password value into the log.
This option is set to true automatically by Configuration Server when the -p parameter is specified in the startup command line.
- This option is set automatically by Configuration Server. Do not change the value of this option manually, except in the following circumstance.
- If you want to switch back to using an unencrypted Configuration password, set the value of this option to false and set the decryption-key option to empty (no value), then manually enter the unencrypted password into the Configuration Server configuration file. Note: You must have Write access to the Configuration Server configuration file to do this.
fix_cs_version_7x
Default Value: true
Valid Values: true, false
Changes Take Effect: After restart
Use this option when using a master Configuration Server running release 8.0.3 (or later) with a Configuration Server Proxy running release 8.1.1 (or earlier). Setting this option to true enables the master Configuration Server to treat Configuration Server Proxy as running an equivalent schema. This prevents Configuration Server Proxy from using an incorrect schema and reading configuration data incorrectly.
force-md5
Default Value: false
Valid Values: false, true
Changes Take Effect: After next login
Specifies whether Configuration Server uses the MD5 hashing algorithm to hash user passwords. MD5 was the default algorithm prior to Management Framework 8.1.2, when it was replaced by the SHA256 algorithm. If set to false (the default), all new and changed passwords will be hashed using SHA256. If set to true, all new and existing passwords will be hashed using MD5.
Use this option if you are running Configuration Server Proxy 8.1.0 (or earlier) that supports MD5, and a master Configuration Server8.1.1 (or later) that supports SHA256. In this case, the two servers can be running together long enough to encounter password requests. Because they use two different hashing algorithms, the master Configuration Server will be unable to process the requests. You must force Configuration Server to use MD5 by setting the force-md5 option to true in the confserv section of the master Configuration Server.
Refer to the User Passwords section of the Genesys Security Deployment Guide for more information about this option and how to use it.
langid
Default Value: No default value
Valid Values: Valid integer from list of LCID to language mappings
Changes Take Effect: After restart
This option is mandatory for Configuration Server operating in single-language mode with Configuration Database in 8.5 format, and specifies the language used by Configuration Server. This option is ignored by Configuration Server in multi-language mode, or when working with Configuration Database in 8.1 format.
Set this option in the configuration file of Configuration Server. If Configuration Server Proxies are configured, set this option in only the master Configuration Server; the proxy servers determine the language used in a single-language environment automatically, based on the response they receive from the master Configuration Server to which they are connected.
When Configuration Server and the Configuration Database are installed using the default (English) initialization scripts, this option must be set to 1033 (English, ENU) in the configuration file. If any Configuration Server Language Packs are applied to the single-language Configuration Database, the value of this option value be changed to match the value of one of the Language Packs, as given in the following table.
Language | Value of languid |
---|---|
English (ENU) | 1033 |
Chinese (Simplified) (CHS) | 2052 |
French (France) (FRA) | 1036 |
German (DEU) | 1031 |
Korean (KOR) | 1042 |
Japanese (JPN) | 1041 |
Portuguese (Brazil) (PTB) | 1046 |
Spanish (Mexico) (ESM) | 2058 |
For more information about installing and using Language Packs for the Configuration Database, refer to the Configuration Database section of the Framework Deployment Guide.
last-login
Default Value: false
Valid Values: true, false
Changes Take Effect: After restart
Specifies whether the Last Logged In Display feature is to be used. If set to true, the feature is used for this Configuration Server. Last Logged In information is sent to its clients, and is stored and displayed by Genesys graphical user interfaces that support this feature.
If set to false (the default), this feature is not used for this Configuration Server.
For more information about the Last Logged In Display feature and this option, see the “Last Logged In Display” topic in the Genesys Security Deployment Guide.
last-login-synchronization
Default Value: false
Valid Values: true, false
Changes Take Effect: After restart
Specifies whether Last Logged In information is synchronized between this Configuration Server or Configuration Server Proxy and others in the environment. If set to true, this Configuration Server or Configuration Server Proxy sends notifications about changes in Last Logged In information to others in the configuration.
If set to false (the default), Last Logged In information is not synchronized between this Configuration Server or Configuration Server Proxy and others in the configuration.
This option is ignored if the last-login option is set to false.
For more information about the Last Logged In Display feature and this option, see the “Last Logged In Display” topic in the Genesys Security Deployment Guide.
locale
Default Value: No default value
Valid Values: Any valid locale name or abbreviation
Changes Take Effect: After restart
Specifies the locale setting that Configuration Server uses for date/time/currency format (where applicable). It also affects encoding that is selected by Configuration Server in single-language mode when transforming configuration object information from internal representation for export to an XML file. If you do not specify the option, Configuration Server uses the default operating system setting.
Genesys recommends that you rely on operating system settings for locale selection, instead of this Genesys option. If you do have to set it up here, select values for this option from the official Microsoft locale list. For example, for English, specify english or eng; for Japanese, specify japan or jpn; and so on. For UNIX, consult the vendor documentation for your operating system.
The specified locale value must be supported by your operating system, and must match the value that is defined by the LANG environment variable (or derived from the values of the LC_ALL and LC_CTYPE environment variables, as specified in the vendor documentation). When this option is set, its value must also be aligned with the encoding option; that is, the locale in use must activate the same encoding as specified by that option.
management-port
Default Value: No default value
Valid Values: Any valid TCP/IP port
Changes Take Effect: After restart
Specifies the TCP/IP port that management software uses to monitor and control the operation of Configuration Server. If not specified, management agents cannot monitor and control the operation of Configuration Server. You cannot set this option to the value specified for the port option.
max-client-output-queue-size
Default Value: 1024
Valid Values:
0 | No limit |
Any positive integer | Threshold value (in KB) |
Changes Take Effect: Immediately
Specifies the threshold on the amount of memory (in KB), used by prepared unsent data for a single client, at which Configuration Server defers processing requests from that client.
When the amount of unsent data drops below that threshold, Configuration Server restarts processing incoming requests from the client in the order that they were originally received.
max-output-queue-size
Default Value: 0 Valid Values:
0 | No limit |
Any positive integer | Threshold value (in MB) |
Changes Take Effect: Immediately
Specifies the threshold on the total amount of memory (in MB), used by prepared unsent data, at which Configuration Server defers processing of all incoming requests. While processing of the incoming requests is deferred, Configuration Server continues to receive and store incoming requests for further processing.
When the amount of unsent data drops below that threshold, Configuration Server restarts processing incoming requests.
multi-languages
Default Value: false
Valid Values: false, true
Changes Take Effect: At first start of Configuration Server; subsequent changes not permitted
Specifies if Configuration Server supports UTF-8 encoding internally.
objects-cache
Default Value: true
Valid Values: true, false
Changes Take Effect: After restart
Specifies if Configuration Server uses internal caching. When set to true, Configuration Server caches objects requested by client applications. This is the default behavior of Configuration Server in previous releases. When this option is set to false, the objects are not cached, reducing the amount of memory used by Configuration Server.
packet-size
Default Value: 1024000
Valid Values: 1–2147483648
Changes Take Effect: After restart
Specifies, in bytes, the target maximum size of the packet in a single message.
password-change
Default Value: true
Valid Values: true, false
Changes Take Effect: After restart
Specifies whether Configuration Server allows users to change his or her own password, if the user does not have Change permission for his or her own object. If set to false, the user can change his or her own password only if he or she has Change permissions on his or her own object. If this option is set to true (default), Configuration Server allows the user to change the password regardless of the Change permission.
For more information about this option and how to use it in your password system, refer to the User Passwords section of the Genesys Security Deployment Guide.
peer-switchover-tmout
Default Value: 30
Valid Values: 10—600
Changes Take Effect: After restart
Specifies the time interval (in seconds) that a Configuration Server, when switching to primary, waits for the other Configuration Server in the HA pair to close its side of the connection between the two servers. The servers cannot switch over if one server has the connection open. If the specified time expires before the connection is closed, the switchover request is ignored and the server mode does not change.
port
Default Value: No default value
Valid Values: Any valid TCP/IP port
Changes Take Effect: After restart
Specifies the TCP/IP port that Configuration Server clients use to connect to this server.
primary-master-response-timeout
Default Value: 600
Valid Values: Any positive integer
Changes Take Effect: Immediately
Specifies the time interval, in seconds, the backup Configuration Server and Configuration Server Proxy waits for a response from the primary master Configuration Server while loading data from it. If this timeout expires, connection to the primary master Configuration Server is closed and then reconnection and data loading processes are reattempted from scratch.
For master Configuration Server, set this option in the main section of Configuration Server primary and backup to enable this functionality during startup. For the proxies, this option must be specified in the command line.
primary-startup-tmout
Default Value: 30
Valid Values: 1—MAXINT
Changes Take Effect: After restart
Specifies the time interval (in seconds) that the backup Configuration Server waits for the primary Configuration Server to finish starting up and run as primary before continuing its own startup.
When two Configuration Servers in an HA pair start at the same time and detect each other’s presence before either has completed its initialization, this option effectively determines which server starts as primary and which starts as backup. In this case, the server configured as primary continues its startup and initialization to completion to run as the primary Configuration Server. The server configured as backup, delays its initialization and waits for the primary server to start up and open its ports. After the time specified by this option, the backup Configuration Server attempts to connect to the now-running primary Configuration Server, and if successful, continues its start-up as backup.
- Genesys strongly recommends that, to avoid concurrency during startup, you start one Configuration Server at a time.
- Do not use this option unless instructed to do so by Genesys Customer Care.
session-restore-auth
Default Value: empty
Valid Values: empty, username, password
Changes Take Effect: After restart
Specifies the authentication method to be used when the Client application restores its connection with Configuration Server with the restoration request (MSGCFG_RESTORESESSION). You can set this option either in the Client application or Configuration Server application. However, the authentication method configured in the Client application takes precedence. You can set empty, username or password as authentication methods. By default, empty is set.
- username - during connection restoration, username with old cached session's username will be validated.
- password - during connection restoration, password and username with old cached session's username and password will be validated.
- empty - during connection restoration, no authentication occurs.
server
Default Value: No default value
Valid Values: Any character string
Changes Take Effect: After restart
Specifies the name of the Configuration Database section in the configuration file; see Configuration Database Section. You must specify a value for this option.
upgrade-mode
Default Value: 0
Valid Values: 0, 1
Changes Take Effect: After restart
Used during migration to specify if peer Configuration Servers are able to start up side-by-side without contacting each other. If set to 1, this independent side-by-side startup is permitted. If set to 0 (zero, the default), the startup of one Configuration Server is communicated to the other. For more information about the requirement for migration with minimum downturn, refer to the Management Framework Migration Guide.
Configuring ADDP Between Primary and Backup Configuration Servers
Use the options in this section to configure Advanced Disconnect Detection Protocol (ADDP) between primary and backup Configuration Servers. Configure the options in the following sections:
- In the primary Configuration Server, set them in the confserv section.
- In the backup Configuration Server, set them in the section that has the same name as the backup Configuration Server Application name.
protocol
Default Value: No default value
Valid Values: addp
Changes Take Effect: After restart
Specifies if ADDP is to be used between the primary and backup Configuration Servers. If set to addp, the ADDP protocol is implemented as defined by the configuration options addp-timeout, addp-remote-timeout, and addp-trace in the same configuration server section (confserv, or its equivalent in the backup Configuration Server) of the configuration file. If this option is set to any other value, or if it is not specified at all, ADDP is not used and the ADDP-related configuration options in this section are ignored.
addp-remote-timeout
Default Value: 0
Valid Values: 0–3600
Changes Take Effect: After restart
Specifies the time interval, in seconds, that Configuration Server in backup mode instructs the other Configuration Server in the redundant pair to use when polling to check the connection between the two servers. If set to zero (0), Configuration Server in backup mode does not send any such instruction. This option applies only if the value of the protocol option is addp.
addp-timeout
Default Value: 0
Valid Values: 0–3600
Changes Take Effect: After restart
Specifies the time interval, in seconds, that Configuration Server in backup mode waits before polling the other Configuration Server in the redundant pair. If set to zero (0), Configuration Server in backup mode does not poll the other Configuration Server in the redundant pair. This option applies only if the value of the protocol option is addp.
addp-trace
Default Value: off Valid Values:
false, no, off | Turns ADDP off. |
true, yes, on, local | ADDP trace occurs on the side of the Configuration Server in backup mode. |
remote | ADDP trace occurs on the side of the Configuration Server in primary mode. |
both, full | ADDP trace occurs at both the primary and backup Configuration Servers. |
Changes Take Effect: After restart
Determines whether ADDP messages are written to the primary and backup Configuration Servers log files. This option applies only if the value of the protocol option is addp.