Getting A BorderManager Server to Shut Down Quickly - Jan 11, 2003

Jan. 11, 2003 - Changed load order in BMON.NCF so that SurfControl CPFILTER.NLM loads before BorderManager. CyberPatrol didn't care, but SurfControl does.

Apr. 4, 2002 - Corrected typo in BMON.NCF (had LOAD BRDSRVR, should have been BRDSRV).

Mar. 27, 2002 - Previous version of BMOFF.NCF causes an ABEND on test versions of BorderManager 3.7. I have altered the sequence of unload commands to match the STOPBRD.NCF file sequence supplied with BorderManager 3.7.

Feb. 12, 2002 - Too many problems arise from using the BMOFF / BMON files with the /NOLOAD option. I have updated both files with new versions. CSATPXY is neither unloaded nor loaded in these files anymore, and the /NOLOAD section is commented out by default These versions should be more reliable. (For the same reason, I have removed mention of the IPXF module).

August 7, 2001 - The new BM3XC02.EXE patch has a new ACLCHECK that does not require a /S command line option.

July 28, 2001 - Corrected BMON.NCF. (Had IPXF loading twice)

July 8, 2001 - Moved LOAD IPXF in front of LOAD PROXY -M to prevent an ABEND possibility.

July 7, 2001 - Corrected several typos where I mistakenly said LOAD PROXY /NOLOAD instead of LOAD BRDSRV /NOLOAD.

Some of you may have noticed that it can take quite a while for a BorderManager server to shut down after giving a DOWN command at the console. I think a lot of the delay may have to do with directory services being unavailable before the BorderManager licenses are released, leading to long delays while BorderManager tries to release it's (NLS-based) licenses. In any event, I have found that the following NCF file seems to help a lot when trying to shut down a BorderManager 3.0 - 3.6 server. [BorderManager 3.7 and 3.8 have a STOPBRD.NCF file to shut it down]. Feel free to make your own, and modify as suits you. (You might want to add the DOWN command to the end of this file).
BMOFF.NCF (Download mine from the link below, use LOAD EDIT BMOFF.NCF to create the file, or use any text editor, and save the file to SYS:SYSTEM)

>Note 1: I just updated this on July 25, 2000, because I forgot about the authchk.nlm, which is used for proxy authentication.

Note 2, Feb 1, 2001: I added a delay of 10 seconds to the UNLOAD PROXYCFG line with the ? on the advice of a user who found that his server abended without a slight delay. (I have never seen that problem myself).

Note 3, Feb. 22: I've made changes to the BMON.NCF file to make use of the /NOLOAD and -M options as explained here.



Note 4, Mar. 11: I found two additional NLM's that must be manually loaded if you use the /NOLOAD option. The AUTHGW.NLM in particular is important as Client-Site VPN will fail without it loaded.

Note 5, May 18: I removed the ineffective port number option for CSATPXY in BMON.NCF and changed the comment. If you do not load CSATPXY before starting BRDSRV with the /NOLOAD option, you can get an ABEND from Portal - don't comment out the Load CSATPXY line! Also, some of the command line options do not work on older versions of the files. Be sure you have applied the latest patches. See Tip #1 at this web site. (Note 6, Feb. 12, 2002 - I removed all mention of CSATPXY from the files!)

rem Craig Johnson, Mar. 27, 2002 See http://nscsysop.hypermart.net
rem Note: The unload sequence is significant and some other sequences
rem can cause abends on certain patch levels/versions of BorderManager!
rem Unloads most BorderManager-related NLM's
unload proxy
rem Unload all possible VPN modules
unload authgw.nlm
unload vpncfg.nlm
unload vpmaster.nlm
unload vpslave.nlm
unload vptunnel.lan
unload vpninf.nlm
rem Unload remaining BorderManager modules
unload proxycfg
rem unload IPX/IP, IP/IP and SOCKS Gateway
unload ipxipgw
unload authchk
rem Unload CyberPatrol / Surfcontrol
unload cpfilter
rem Unload Access Rules module
unload aclcheck
rem Unload main BorderManager monitoring and alert modules
unload brdmon
unload nbmalert
unload brdsrv

The BMOFF.NCF file can be downloaded from HERE.

So, maybe you are doing some testing and want to unload everything and restart BorderManager? Here's another NCF file which I use to reload the services:

BMON.NCF (Download mine from the link below, use LOAD EDIT BMOFF.NCF to create the file, or use any text editor, and save the file to SYS:SYSTEM)

Rem Craig Johnson, April 4, 2002 See http://nscsysop.hypermart.net
Rem I don't recommend using the NOLOAD option. Best to just skip to the SIMPLE
Rem section shown below.
Rem COMPLEX SECTION - uncomment the Load lines if you really need them.
Rem *** Don't use the /NOLOAD section unless you really need to use the -M option
rem *** with Mail Proxy! The /NOLOAD option can really make loading and unloading
rem *** BorderManager tricky. (Meaning possible ABENDS on reloading)
rem *The NOLOAD proxy prevents autoloading of most other BorderManager modules
rem Load BRDSRV /NOLOAD
rem *The /S options represses certain (cosmetic) error messages.
rem Load ACLCHECK /S
rem *Not needed if already loaded, but the /NOLOAD option above will cause an ABEND when
rem *PROXY loads if you don't load this first.
rem Load IPXF
rem *The /M option tells Mail Proxy to query more than one MX record if needed
rem Load PROXY -M
Rem *Loads CyberPatrol / Surfcontrol
rem Load SYS:ETC\CPFILTER\CPFILTER
Rem *Load additional options that do not autoload with the BRDSRV /NOLOAD option
rem Load AUTHGW

Rem SIMPLE BorderManager Load Section
Rem *Load CyberPatrol / Surfcontrol
Load SYS:ETC\CPFILTER\CPFILTER
Rem *Start most BorderManager services
Load BRDSRV
Rem *Loads VPN control module - select the one you are using,
Rem *or comment out both if not using VPN.
Load VPMASTER
rem Load VPSLAVE

And you can download the BMON.NCF file HERE. (You may need to hold down the shift key when you click this link).

The /S option for ACLCHECK is explained in the BM35C06.EXE (or later) patch instructions. It tells ACLCHECK not to display those annoying "can't resolve IP address for xx.xx.xx.xx" messages on the console. See the readme files in the BM35Cxx.EXE patch for additional ACLCHECK command line options. See this link for explanation of the command line options.

NOTE: August 7, 2001 - The BM3XC02.EXE patch contains a new version of ACLCHECK that already disables the error message mentioned above, without needing a /S.



Return to the Main Page