The information in this Readme contains fix list and other package information about the Hardware Management Console.

• HMC V7 R7.3.0 Service Pack 1
• Enhancements and fixes in HMC V7 R7.3.0 SP1
• Installation
• Additional information

This package includes fixes for HMC Version 7 Release 7.3.0. You can also reference this package by APAR MB03524. This image must be installed on top of HMC Version 7 Release 7.3.0 Recovery installation (MH01255) or Update installation (MH01256), with or without efixes.

This package provides the following new function and enhancements:

General

• Removed the -n flag from the lspsm command.
• Fixed a problem where users were unable to establish an IPsec Connection if the managed system name contained a dash (-).
• Fixed a problem where the lsipsec command was not displaying correctly.
• Fixed a problem where the Help button under System Properties Panel was not working.
• Prevent the "lshwres -r virtualio --rsubtype scsi --level lpar" command from failing if a partition is deleted after the command is issued but before it completes.
• Fixed a problem where attempting to add or remove a virtual switch from a 9125-F2A or 9125-F2C system results in a READ_ERROR attempting to read from Directory with error message "HSCL3670 There was an error accessing the management console persistent storage area".
• Fixed an issue where altering a Virtual Switch resource may result in the following error: "HSCL3670 There was an error accessing the management console persistent storage area".
• Fixed a problem where performing a dlpar add vSCSI or VFC adapter for a remote restartable partition without first creating the hosting server adapters may result in the dynamic add failure.
• Added GUI support for virtual ethernet as an IBM i load source.
• Prevent unsupported scheduled operations from being reconstituted back into the HMC console.
• Fixed a problem where NTP is disabled when a call home is performed over VPN.
• Added new model support for 7042-CR7.
• Fixed a problem where cleanup of remote restarted partition fails while getting the adapter information.
• Fixed a problem where concurrent remote restart validation fails due to lock problem.
• Fixed GUI display for Status and Location code columns under Reserved Storage Device Pool Management task.
• Fixed a problem that occurred during the migration of a shared memory partition. Sometimes the partition was migrated successfully to the target server, but the client partition did not get deleted from the source server. You can can manually delete the leftover partition on the source server.
• Fixed a problem that occurred during the concurrent migration of eight partitions. Sometimes one or more concurrent migration operations may fail because of a lock conflict issue. You can retry the failed migration operations.
• Fixed a problem where LPM Validate(s) HSCLA382: The destination managed system does not support Quality of Service virtual Ethernet priority levels.
• Added support to the lshwres command so that it lists virtual SCSI performance work.
• Fixed a problem where no Serviceable Events were reported when the Ethernet cable was pulled on the partition side.
• Added a timeout for a long running or hung vios command in LparCmdRM, so that the HMC is not blocked indefinitely.
• Fixed a problem where the LDAP scope attribute is not replicated between HMCs.
• Fixed an issue where Infiniband GUID can be unassigned from running partitions if several lpars are rebooted at the same time.
• CLI lshmcldap -r user and lshmcldap -r config require task LdapConfig in customized roles.
• While setting the promiscuous mode with chhwres command, access check was missing for the given set of parameters. Access related code is modified to provide access check for the given set of parameters.
• When trying to assign a LPAR to a shared processor pool with chhwres command, access check was missing for the given set of parameters. Access related code is modified to provide access check for the given set of parameters.
• EUC 2 bytes code characters are restricted as the role name.
• Fixed a problem where the lsnportlogin command, issued with a profile_names attribute that contains one of the non-existent profiles, does not display the actual error. With this fix, the actual error is also displayed.
• Fixed a problem where the chnportlogin or lsnportlogin command is issued when the NPIV capability of VIOS is less than 2 or equal to 2.
• Fixed a problem where WWPNs are not displayed as hexadecimal strings when the lsnportlogin command is issued.
• The concept of partial success does not apply to ls commands. The lsnportlogin command should only return 0 (zero) or 1 (a 0 would always be returned if there is output, a 1 would be returned if there was only an error message displayed - e.g. a syntax error occurred, or the user specified an invalid partition with the --filter option, etc.). In the case above, the return code should be 0.
• Fixed various interface and button enablement logic errors that occur during Open MES/Close MES/Display MES actions.
• Fixed an issue where PBMesUseWciiInstallProcedureComplete panel treats YES/NO radio button selection the same, when it should be delaying the procedure if NO has been selected.
• Issue where Panel text references 'HMC' directly has been fixed to incorporate more generic terms.
• Fixed an issue where text for Panel P7IhBpaBprInstall50 describes in point 2 that the BPR Good LED should turn on, when it should state that it should actually be blinking.
• Fixed a problem with excessive Ping tests in the UI.

Repair and Verify

• Serviceable events now save comments from service representatives.
• Increase timeout for FSP reboot on firmware update to accommodate newer Power systems.
• Fixed a problem where the LED does not identify for TRES24 drawer or any non BPC resident FRUS during 'Repair and Verify' exchange.
• Fix to honor selection of 'partial mirror mode' selection during applicable 'display service effect' step of 'Repair and Verify' procedure.
• Fixed a problem where low memory on HMC can trigger E3221007 from Problem Analysis code.
• Fixed a problem when adding a PUBook, all location codes are presented instead of the next available valid location.
• Extend HMC timeout for FRULevelDeactivate and FruLevelActivate to prevent possible FRU Exchange procedure timeout and subsequent hang.
• Add Front Cover Removal Tool procedure for 9117-MMB and 9179-MHB systems.
• Remove unnecessary Remove Rail step from PCI Exchange for 9117 and 9179 systems.
• Remove unnecessary steps from CEC FRUs that are non drawer exchanges for 9117 and 9179 systems.
• Remove unnecessary AMD redundancy check panels when CEC is powered off for 9117 and 9179 systems.

Security

• HMC Browser Autocomplete Enabled Before Authentication

  Form fields before authentication in the application have auto-complete enabled. Anyone using the same computer would be able to see information entered by a previous user. By not setting AutoComplete to OFF the users can purposely or accidentally save sensitive information into Browser Memory Space when saving informtion to their accounts. This situation can allow a malicious attacker to dump the clear text from memory and gain access to sensitive information.

• HMC Vulnerable to Link Injection Attacks

  Link Injection is the act of modifying the content of a site by embedding in it a URL to an external site, or to a script in the vulnerable site. By embedding a URL in the vulnerable site, an attacker is then able to use it as a platform to launch attacks against other sites, as well as against the vulnerable site itself. It is possible to cause a user's browser to issue automatic requests to virtually any site the attacker desires. As a result, the attacker may use this Link Injection vulnerability to launch several types of attacks.

• User Privilege Promotion

  Fixes for two vulnerabilities in which users with restricted rights could promote themselves to root access.

• HMC man command allows injected HTML

  Closed a vulnerability in which an authorized user could create a link injection attack by using the man command.

Installation instructions for HMC Version 7 updates and fixes can be found here:

Update corrective services instructions for HMC Version 7

Recovery media upgrade and installation instructions for HMC Version 7 can be found here:

Recovery media upgrade and installation

Instructions and images for upgrading via a remote network install can be found here (for all HMC releases):

HMC network installation images

Notes:

1. To burn the ISO image to media, you must use DVD-R media
2. The HMC Install Corrective Service task has been modified to allow corrective service installation by using the .iso packaging of the corrective service files that you can download from IBM. There is no requirement to burn CD-R or DVD-R media to use these files to install the corrective service.
   • To install the updates over the network, select the .iso file in the Select Service Package panel of the Install Corrective Service utility.
   • To use USB flash media to install updates, copy the .iso file to the flash media, and then select the file when prompted.
3. The updhmc command line command has also been modified to use the .iso file for installing corrective service updates. To use the command, follow the syntax in this example:
   updhmc -t s -h <myservername> -f </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install the corrective service.