I cannot find the Windows equivalent in the VCS Admin Guide for Windows, but VCS commands on Windows are generally the same as Unix/Linux.

Try this method documented in the VCS Admin Guide for Linux:

Marianne is right, halogin information is not in the Windows VCS Admin guide for 6.0 or 5.1, but it works for 5.1 on Windows, because I have used it.  Note authentication changed to "Embedded" in 6.0 so it works differently from 5.1, but as the UNIX 6.0 halogin commands in Admin guide are the same as 5.1, I assume the commands Marianne listed should work in Windows 6.0.  A few additional comments

The VCS_DOMAINTYPE should be set to "nt" as this means "AD domain"

If VCS_DOMAIN shows as abc for user logged in on GUI, then you should use this in command line rather than abc.xyz.com

Giving password as an argument to halogin is optional, you can just use "halogin user" and then it will prompt for password which as in a normal login, can't be seen as you type it.  If you are using a script then you can specify password in script by using "halogin vcsusername password", but this is not very secure to have a plain text password in a script, so what worked in 5.1 for UNIX was:
As a one-off, use "halogin user" manually as the user the script will run as and this should create a hidden .vcspwd file containing an encrptyed password and this file remains there until you run "halogin -endsession host" or "halogin -endallsessions", so if you DON'T run this, then you should be able to subsequently run commands WITHOUT having to use halogin, even if you log out and log back in again.

In 5.1, you could use command vssat to give you information about authentication - if this is still available in 6.0, you can try the following to give useful info:

vssat showallbrokerdomains
vssat showcred

Mike

Thanks for the replies.

Editted my post a little for clarity about the domain names - AD domain is, for example "foo", while NIS/DNS domain is "abc.xyz.com" - no commonality between them.  The domain that shows up in the VCS GUI for user "testuser" is "FOO" - the AD domain name.

I've searched, and as near as I can tell there is no such thing as "halogin" in VCS 6.0.1 for Windows.  But, under single sign-on / secure server mode, there should be no need for it, as VCS is supposed to use the OS authentication methods, or to be more precise, accept that user authenticated by the OS mechanisms do not need further authentication.  

I have used halogin on Unix VCS system (and indeed, it still exists in VCS 6.0.2 for Unix) to allow non-root users to run ha* commands to access cluster info, but it shouldn't be necessary with VCS for Windows under secure/SSO mode.  In any case, as I said, there is no halogin.exe in VCS 6.0.1 on Windows, or at least if it does exist it wasn't installed with VCS.

I've just tried setting the environment variables as suggested above, although I couldn't do step 3 and run halogin, but it didn't make any difference.

vssat.exe is not found in any of the paths set in the PATH environment variable by the VCS installer.  I did find it in the C:\Program Files\Veritas\VERITAS Object Bus\eat\bin directory, but running it only gives me this:

C:\Program Files\Veritas\VERITAS Object Bus\eat\bin>vssat showcred

vssat initAtHandle ERROR V-18-7115 Failed To Initialize Authentication Library.

In my previous post I said halogin "works for 5.1 on Windows, because I have used it", but looking back at some docs I wrote, I was actually using halogin in UNIX to run VCS commands on a Windows cluster and I think the Windows cluster may have been unsecure, so halogin may not have existed for VCS 5.1 Windows either.

Bizarrely , this means you MAY get your script to work if you run it from a UNIX cluster as follows:

VCS_HOST=ip_or_host_name_windows_cluster_node
VCS_DOMAIN=foo
VCS_DOMAIN_TYPE=nt
export VCS_HOST VCS_DOMAIN VCS_DOMAIN_TYPE
halogin user password (or you may have to use user@FOO)
hagrp -list

Mike

I need to be able to run the script (which in turn runs hastatus, hagrp, etc) from the actual cluster node for my purposes.

I'm seeing some references in various documents and guides to the "Symantec Product Authentication Service(s)", and wonder if that is something I need to install and configure, although it doesn't appear that it is a separate products anymore.

Continuing to investigate...

Ryan

You are correct vxAT is not a separate product any more for VCS, which is why the directory name that contains vssat is called "eat" - embedded AT.  According to the Windows VCS 6.0 admin guide you can still use vssat commands - see details for a GCO steward, which shows commands you run on VCS cluster node (not steward node):

See the Quick Start Guide for Symantec Product Authentication Service for

instructions.

5. Create an account for the Steward in any authentication broker of the clusters

that are part of the global cluster. All cluster nodes serve as authentication

brokers when the cluster runs in secure mode.

vssat addprpl --pdrtype ab --domain

HA_SERVICES@<fully_qualified_name_of_cluster_node_on_which_t

his_command_is_being_run> --prplname Steward_GCO_systemname

--password password --prpltype service

The Windows VCS 6.0 admin guide also says:

Note: On Windows Server 2008, if User Access Control (UAC) is enabled and

configured, all VCS commands must be run in the Run as administrator mode. To

launch the command prompt in the administrator mode, right-click the command

prompt shortcut from the Windows Start menu and click Run as administrator

from the context menu. See the Microsoft documentation for more information

on UAC