For use with Version 8 Release 8.3.0

Date: 17 May 2015

Contents

These special instructions contain the following information specific to HMC V8 R8.3.0 code level.

• Description
• Upgrade notes
• Enhancements and new function
• General fixes
• Known issues in HMC
• Web browser requirements
• Installation
• National Language Support

This package represents the Recovery image that can be used to upgrade your HMC from HMC V8 R8.1.0 or higher to HMC V8 R8.3.0. This package can also be used to install a clean version of HMC V8 R8.3.0. You can also reference this package by APAR MB03901 and PTF MH01513. The mandatory PTF is APAR MB03902 and PTF MH01514.

• Call Home support for modem (dial-in via AT&T Global Network) and Internet VPN is disabled.  The only supported method for Electronic Service Agent (ESA) connections for V8R8.3.0 and higher is "Internet". 
  
  
  • The list of gateway IP addresses has changed.  For a list of the new gateway access points see the "ESA for HMC Connectivity Security… " document at
                     http://www-01.ibm.com/support/esa/security.htm
  
  
  • The legacy internet proxy configuration was removed.  If an internet proxy was configured prior to the upgrade, administrators should verify or re-configure the proxy as needed and test the configuration.
    
    
  • On the Outbound Connectivity > Internet Connectivity Settings panel, the "test" button only tests a subset of possible ip addresses used.  Users should also test the HMC internet connectivity by submitting a test PMR.
    
    
  • For information on configuring Internet SSL Service and Support connection see http://www-01.ibm.com/support/knowledgecenter/8247-22L/p8hai/configuringthehmcasacall-homeserverusinglan-basedinternetandtlsssl.htm?cp=8247-22L&lang=en 
  
  
• Beginning June 30, 2015, a new server is required for customers using Electronic Service Agent on the HMC to Call Home to IBM.  Ensure any external firewall allows https connection to new server IP 129.42.50.224.  For a list of all required IP addresses and ports see the whitepaper "ESA for HMC Connectivity Security for IBM POWER6, POWER7 and POWER8 Processor-Based Systems and IBM Storage Systems DS8000" available at:
  http://www-01.ibm.com/support/esa/security.htm
  
  
• The following Power8 systems are supported by this level of HMC V8 R8.3.0:
  
  • IBM Power System S812L (8247-21L)
  • IBM Power System S822L (8247-22L)
  • IBM Power System S822 (8284-22A)
  • IBM Power System S814 (8286-41A)
  • IBM Power System S824 (8286-42A)
  • IBM Power System S824L (8247-42L)
  • IBM Power System E870 Server (9119-MME)
  • IBM Power System E850, (8408-E8E)
  • IBM Power System E880 Server (9119-MHE)
  
  
• HMC V8 R8.3.0 continues to provide support for Power6 and Power7 based systems.
  
  
• POWER5 servers are not supported from HMC V8. Attempts to manage POWER5 servers will result in a connection state of Version Mismatch and connection_error_code "Connection not allowed 0009-0008-00000000".
  
  
• HMC V8 R8.3.0 supports the following HMC models:
  
  • Deskside: C08
  • Rack Mount: CR5, CR6, CR7, and CR8
    
    
• HMC V8 R8.3.0 does not support models CR2, CR3, CR4 and C03, C04, C05, C06, C07.
  
  
• HMC V8 requires 2GB memory; 4GB memory is recommended, if you are running enhanced+ UI. If you run with over 300 partitions, it is recommended to have 8GB memory.
  
  
• The HMC must be version V8 R8.1.0 or later to be upgraded to HMC V8 R8.3.0. This requirement is enforced at install.
  
  
• When two HMCs manage the same server, both HMCs must be at the same version.
  
  
• If a server is connected to two different versions (i.e. Version 7 and Version 8) of the HMC, the higher version HMC will upgrade the partition configuration (profile data of the system) to the latest version. After the partition configuration upgrade, lower levels of the HMC will not be able to interpret the data correctly. After the server is managed by the higher version of the HMC, you must first initialize the server before you can go back to the lower version of the HMC. You can restore a backup that is taken at the older level or re-create the partitions. If the server is not initialized, one of the following outcomes can occur depending on the version of the lower-level HMC:
  
  • HMC Version 7 Release 7.8.0 and 7.9.0 report a connection error of Version mismatch with reference code Save Area Version Mismatch if the server has been managed by Version 8.
  • HMC Version 7 Release 7.8.0 reports a connection error of Version mismatch with reference code Save Area Version Mismatch if the server has been managed by Release 7.9.0 or Version 8.
  • HMC Version 7 Release 7.7.0 and earlier might report a server state of Incomplete or Recovery if the server has been managed by a later version and / or release. In addition, partition configuration corruption may occur.
    
    
• It is recommended to have all connected VIOS servers on one of the latest levels i.e. VIOS level 2.2.3, 2.2.2 or 2.2.1. To have optimal performance from enhanced+ UI, make sure all VIOS are at 2.2.3.X level.
  
  
• It is recommended to have all running partitions (AIX Linux and VIOS) which already having RSCT levels 3.2.0.0/3.2.0.1 to be on the latest RSCT levels i.e. 3.2.0.5 or later (The latest available is 3.2.0.6). you can find the RSCT version with '/usr/sbin/rsct/install/bin/ctversion -bv'
  
  
• HMC V8 R8.3.0 supports managing a maximum of 48 servers (non-Power 595/780/795 models) or 32 IBM Power 595/780/795 servers with a maximum of 1024 partitions across the managed servers.
  
  
• Special Install Instructions: Installing mandatory PTF MH01514 using the Enhanced+ interface may hang.  Prior to installing this PTF using the web browser graphical interface perform the following:

1. If already logged in to the HMC using Enhanced+ GUI, log off the HMC.
2. Log in again selecting the Log In option of "Classic".
3. Install using the normal installation instructions.
   

Alternatively, install this PTF using CLI.

• If installation of mandatory PTF MH01514 fails after hanging on section "Installing PMC Rest...." the HMC should be rebooted and the installation retried.
  
  
• Serviceable event E2FF4304 may be reported during PTF installation and can be ignored.  This event indicates an temporary file access issue during efix installation and will not affect normal HMC operation.
  
  

• Login panel option updates: There are three login options:
  
  • Classic ==> The Classic interface provides access to all traditional functions of the HMC
  • Enhanced+ ==> The Enhanced+ interface provides access to the new HMC console GUI. This version is redesigned from the ground-up with a new look-and-feel, and interactions with an effort placed on simplification. It offers updated functions for managing PowerVM, managing partitions, template capture/deploy, virtual networking resource diagram, and an updated network install UI for partition OS and VIOS. These tasks are integrated into a dashboard view making it easy to view system resources, ‘pin’ frequently accessed pages, and search help topics.
  • Last Log In ==> This option opens the UI in the last Log In type. At installation, this option defaults to Classic mode.
  
  
• Remote Restart is supported when the source managed system is in Initializing state in addition to the other supported states.
  
  

This package provides the following fixes:

• Fixed an issue with RVTrace file rotation handling
  
• Fixed an issue to now display an error message to the user on creation of virtual Ethernet adapters when the adapter id is higher than the max allowed
  
• Fixed an issue during immediate shutdown of the OS for an IBM i partition presented erroneous message “HSCL3415 The concurrent maintenance operation failed.”
  
• Added validation to prevent leaving custom MAC address blank on SR-IOV adapters
  
• Fixed an issue with auto-offload of SYSDUMPs from the FSP to the HMC
  
• Fixed an issue to ensure only the targeted system is surveyed for I/O firmware updates
  
• Fixed an issue where a shared memory IBM i partition becomes  a dedicated memory partition after a failed DLPAR memory operation
  
• Fixed a problem for the Enterprise CoD pool  where the system name shows as blank after the pool is created or recovered.
  
• Fixed a problem when a system profile contains profiles that have configured SR-IOV logical ports on physical port 3 of any adapter, the system profile activation fails with “There is a problem with the HMC repository”
  
• Fixed an issue when a cable card is installed in a desired slot at lpar activation resulting in error message “HSCL12DA The I/O slot {0} contains an adapter that cannot be assigned to partitions because it is managed by the managed system”
  
• Fixed an issue  to remove the distribution number displayed for the VIOS level  in the os_version value of the lssyscfg command
  
• Added a recovery procedure message on Repair/Exchange FRU procedure when a lock cannot be released.
  
• Fixed an issue that allowed special characters in the managed server name
  
• Fixed an issue to display the correct adapter description of 2-PORT 56Gb FDR IB PCIe x16 Adapter instead of Ethernet Controller
  
• Fixed a problem where an invalid configuration file caused pool data to be incorrect causing the available pool resource to appear to be a huge number.
  
• Fixed a problem when deleting a virtual network from a shutdown partition resulted in error "HSCL8016 An unknown error occurred while trying to perform this command.” instead of the correct message that it is not allowed when the VIOS is shutdown.
  
• Fixed an issue to display an error with lshwres when an incorrect lpar name was specified instead of returning “No results were found.”
  
• Fixed an issue where the iqyylog would report error +PEL_LOG_ERR    E3326701 during Problem Analysis routines
  
• Fixed a problem  when moving dedicated processors to shared processors and the destination partition is a IBMi partition, the operation fails with message HSCL2935
  
• Fixed missing OS level in lspartition -sfp that could affect to Service Focal Point functions
  
• Fixed an issue to prevent 770 firmware installation on 8205-E6C systems
  
• Fixed lshwres -r io --rsubtype slotchildren command output issues
  
• Fixed a problem where intermittently, a POWER8 server with firmware EC level 01AF820 may go to a No Connection state with connection_error_code of 02FF-0003-008087E9 after a FSP restart.
  
• Fixed an issue to ensure firmware sync is performed when replacing secondary FSP
  
• Fixed a display issue under the server  to allow changing of the "Max Page Size" value to display the full lpar list instead of the default of 500
  
• Fixed an issue with Enhanced console login returning a message "Firefox cannot establish a connection to the server at 127.0.0.1"
  
• Fixed an issue when migrating an IBM I partition  from a server with 5250 capability where the HMC does not validate the target also has 5250 capability. 
  
• Fixed a problem where server firmware updates using Internet repository may fail to locate or acquire updates when the server is entitled for support outside of the US.
  
• Fixed an issue where pressing F10 in the vterm console Java window hangs the HMC GUI
  
• Fixed memory management when performing large numbers of migration operations for an extended time.
  
• Fixed an issue where saveupgdata command to a USB device may incorrectly report "Total number of sectors (nnnnnnnn) not a multiple of sectors per track (nn)!".
  
• Fixed an issue with importing VIOS images unsuccessfully and filling up /extra with no warning or error
  
• Fixed an issue when activating the current configuration of a remote restarted partition via GUI reporting no error or warning, but partition does not start.
  
• Fixed an issue with Leap Second, where HMC could encounter a system hang or performance degradation after the leap second is added at the end of June 30th 2015.
  
• Fixed an issue where deleting partitions with SSP configured may not show all associated disks to be deleted
  
• Fixed an issue to prevent a managed system going to Incomplete for a short period of time causing operations to fail.
  
• Fixed a problem where backup console data to a remote FTP server may fail with HSCLA50C.
  
• Removed unused CPW values from add/remove processor function for IBM i.
  
• Fixed an issue with /var filling up do to logging warning messages to /var/log/warn.
  
• Fixed an issue to no longer call home  informational SRCs E302FA09 and E3690102
  
• Fixed an issue to prevent error E2FF1801 from occurring and calling home
  
• Fixed an issue where some USB flash drives are not recognized by the GUI tasks and attempting to use the drive may result in / filling up.  
  
• Prevent SRC B3030001 from logging during  HMC to FSP connection resets
  
• Fixed an issue where  a hung IBMi  RMC connection  holds a lock that  prevents all future lpar change updates (including state and reference code).
  
• Fixed a problem that caused the lsmemopt -r lpar -o currscore or lsmemopt -r lpar -o calcscore command to fail when run on a server with more than 500 partitions.
  
• Fixed a problem where create system plan does not show the correct shared processor pool
  
• Fixed a problem where HMC may report E35A0017 and E35A0016
  
• Fixed an issue where backup using sftp fails with HSCPE0198 when the ftp server does not support the space check command.
  
• Fixed an issue where server firmware entitlement key checking failed when the HMC itself is not entitled.
  
• Fixed an issue where the  HMC lists local clock as UTC in GUI regardless of the time zone set
  
• Added  additional logging and traces for capturing delays when running lshmc -n
  
• Fix an LparCmdRM crash during a set backup master or set master to a CoD Pool.
  
• Fixed a problem with server firmware updates/upgrades using Internet repository where the HMC returned an incorrect "no available firmware" message when it should have returned an entitlement failure error message.
  
• Fixed an issue to prevent /var from filling due to an issue with system log rotation
  

Repair and Verify Fixes

• Fixed an issue with translation for the formatting of the listed steps in the panel when doing a fan repair
• Added B15A3303 to list of ignorable events during Repair and Verify procedure
• Added steps to remove extra FRUs from a node or control unit when putting it into service position to sufficiently lighten the load on the rails.
• Updated Power8 planar replacement procedure instructions to include restoring system serial number.
• Fixed an issue when doing a Repair on a E3D4310A SRC shows an HTML Viewer error message
• Updated Repair procedure for FSP on Power8 system node to no longer terminate when using a problem to initiate the procedure
• Fixed an E302FA06 error during code update where the HMC  could not validate streams for 8406-71Y
• Fixed an issue where the  HMC lists local clock as UTC in GUI regardless of the time zone set
• Added  additional logging and traces for capturing delays when running lshmc -n

Security Fixes

Previously released fixes also included in this release:

• Fixed multiple vulnerabilities in IBM Java SDK: CVE-2014-6549 CVE-2015-0408 CVE-2015-0412 CVE-2015-0395 CVE-2015-0403 CVE-2015-0406 CVE-2015-0410 CVE-2015-0407 CVE-2015-0400 CVE-2014-6587 CVE-2014-6593 CVE-2014-6591 CVE-2014-6585 CVE-2014-6585 CVE-2014-8891 CVE-2014-8892
• Fixed multiple vulnerabilites in Kerberos: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
• CVE-2015-0204 (Freak)
• Fixed multiple vulnerabilities in OpenSSL: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
  

NOTE: Always refer to the IBM Product Security Incident Response (PSIRT) announcement for the list of affected products and versions and the appropriate Remediation/Fixes.  Subscribe to My Notifications to be notified of important product support alerts.

Command line changes

• The updlic and lslic commands have been enhanced to support SR-IOV adapter firmware updates.
  
  
• The chhwres command has been enhanced to allow the --force option to be used to force a virtual switch to be set to VEPA mode when the physical switch does not support the IEEE 802.1Qbg standard.
  
  
• A new option has been added to the chsacfg command to set the email address from which customer notification emails are sent.
  
  

• Idle Session Timeout minutes setting is not supported in the Enhanced+ GUI: even if this settings is set to a non-null positive value, the user session will never expire due to inactivity in the Enhanced+ GUI.
  
  • The support of this setting in Enhanced+ GUI will be added in 830 SP1.
    
    
• In NIST mode,
  • No local vterm when HMC is in NIST mode
  • Firefox ESR version 24 is not supported.
  • Oracle JRE 7 does not have matching NIST cipher so client browser using Oracle JRE 7 will not be able to open virtual terminal applet. As a workaround, upgrade to Oracle JRE 8.
  • RMC code on partition does not support two HMC connections with mixed configuration i.e. one HMC running in NIST mode and other one in non-NIST mode. Both the HMCs must be in the same mode.
  • HMC uses RSA 2048 type keys to communicate with LPARs. When user remove HMC V8 R8.3.0 and connect an older level HMC (i.e HMC V8 R8.1.0 or before), it will drive NIST mode on the LPARs to be disabled. However the LPARs would continue to use RSA 2048 type keys so there would be connection establishment issue. To resolve this problem, the LPAR admin should run '/usr/sbin/rsct/bin/chsecmode -c none -m rsa512' command on all the corresponding LPARs (This command can't be run if LPAR is running any HA software like TSA, PowerHA).
    
    
• In non-NIST mode,
  • Following ciphers are not supported although the available cipher list shows them:
  • TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
  
  
• To ensure that the keyboard mapping is working properly for non-English keyboards, the codeset for the locale must be set to UTF-8. You can change the codeset by using the chhmc command. Example:
  
  Set the locale to French with UTF-8 codeset for use with French keyboard.
  chhmc -c locale -s modify -l fr_FR.UTF-8
  
  Set the locale to English with UTF-8 codeset for use with French keyboard.
  chhmc -c locale -s modify -l en_US.UTF-8
  
  
• HMC V8 820.0 to V8 830.0 upgrade script replaces the default templates during the upgrade process. Any changes performed on the V8 810.1 default template will be over- written. HMC V8 810.1 to V8 830.0 upgrade script will add the Quick Start Templates to the existing Template Library and the user can delete the older Starter Templates manually if he/she wishes to.
  
  
• VIOS installation is supported only through Add VIOS
  
  
• You cannot use the GUI to set a new master HMC for a Power enterprise pool when the new master HMC is not configured as the backup master HMC for the pool or if the new master HMC does not have valid backup data for the pool. You can perform this operation by running one of the following HMC commands:
  
  chcodpool -o setmaster --mc this -p <pool name> -v -f <file>
              or
  chcodpool -o setmaster --mc this --id <pool ID> -v -f <file>
  
  
• In Enhanced+ UI, Manage VIOS -> Add Logical Host Ethernet Adapter page once user has performed add and remove of same HEA port, the HMC does not display the port again for addition. As workaround launch the Add Logical Host Ethernet Adapter page again.
  
  
• The Enhanced+ UI login mode does not support disconnected sessions like the Classic UI mode. In the Enhanced+ UI mode a session logoff is a logoff and a session disconnect is also a logoff. This means that the user cannot reconnect to the Enhanced+ UI session to resume his task(s) from where he had left off. Every login via the Enhanced+ mode creates a new session. For more details on long running tasks, please refer to http://www.ibm.com/support/knowledgecenter/8247-21L/p8eh6/p8eh6_loginmode.htm
  
  
• The "All Shared Storage Pool Clusters" will not launch successfully if any of the Virtual I/O Server managed by the HMC is not configured properly. This includes the Virtual I/O Servers that are not Nodes in the Shared Storage Pool Clusters in the HMC.
  
  
• Use ALL Systems relational view from which you can view all the partition grouped by System. In this view we can easily see the partition been migrated from one system to the other.
  
  
• In some rare situations, especially with Firefox browser, the user maybe be redirected to a second login page after having provided and validated his credentials.
  Then, providing again the credentials will fail. If this issue occurs the user just need to close and re-launch the browser to make it work.
  
  
• The "All Shared Storage Pool Clusters" will not launch successfully if any Virtual I/O Server managed by the HMC is not configured properly. This includes the Virtual I/O Servers that are not Nodes in the Shared Storage Pool Clusters in the HMC
  
  
• In the enhanced all partitions view, the checkbox and row data may not align correctly. 
  
  

Back to top

Learn about the requirements your web browser must meet to monitor and control the HMC.

HMC web browser support requires HTML 2.0, JavaScript 1.0, Java™ Virtual Machine (JVM), Java Runtime Environment (JRE) Version 7 or later, and cookie support in browsers that will connect to the HMC. Contact your support personnel to assist you in determining if your browser is configured with a Java Virtual Machine. The web browser must use HTTP 1.1. If you are using a proxy server, HTTP 1.1 must be enabled for the proxy connections. Additionally, pop-ups must be enabled for all HMCs addressed in the browser if running with pop-ups disabled. The following browsers have been tested:

Google Chrome

HMC Version 8.3.0 supports Google Chrome Version 40.

Microsoft Internet Explorer

HMC Version 8.3.0 supports Internet Explorer 11.0.

• If your browser is configured to use an Internet proxy, then local Internet addresses are included in the exception list. Consult your network administrator for more information. If you still need to use the proxy to get to the Hardware Management Console, enable Use HTTP 1.1 through proxy connections under the Advanced tab in your Internet Options window.

• It is recommended to have:

• Browser security setting in internet zone. If you are running security mode in "Local intranet" mode, make sure you do not have any setting to detect intranet network; disable Compatibility view.
• Browser zoom setting to 100%.

Internet Explorer restriction

When trying to close an Enhanced+ modal popup window in Internet Explorer, a prompt window will appear with the question "The webpage you are viewing is trying to close the tab. Do you want to close this tab?" You must answer "No" to this question to close only the popup. Otherwise, the whole application will be closed.

There are two known issues to add:

• Idle Session timeouts minutes parameter is ineffective in the Enhanced+ GUI. Even if this parameter is set to a positive value, the session will never been closed due to inactivity.

• In the Enhanced+ GUI, there is a known vertical alignment issue in the Partitions, Systems and Virtual IO Servers table views especially with the Firefox browser. The checkboxes to select the row, may not be exactly aligned vertically with the table row they are related to.  There is no functional issue.

Mozilla Firefox

HMC Version 8.3.0 supports Mozilla Firefox Version 24 and Mozilla Firefox Version 31 Extended Support Release (ESR). Ensure that the JavaScript options to raise or lower windows and to move or resize existing windows are enabled. To enable these options, click the Content tab in the browser's Options dialog, click Advanced next to the Enable JavaScript option, and then select the Raise or lower windows option and the Move or resize existing windows options. Use these options to easily switch between HMC tasks. For more information about the latest Mozilla Firefox ESR levels, see Security Advisories for Firefox ESR.

If you get certificate error while connecting Mozilla Firefox Version 24  to HMC, then change the certificate verification library by toggling the preference  "security.use_mozillapkix_verification"  to false in the about:config of Firefox browser. Refer below recommendation from Firefox forum https://support.mozilla.org/en-US/questions/1012036

Browser Cache & Application Cache Cleaning

In order to prevent from caching issue due to the 830 Enhanced+ GUI caching policy, please clear the Browser cache and Application:

In Microsoft Internet Explorer

Open the Browser
Select Tools
Select Internet Options
Under Browser History, select Delete
Check "Temporary Internet files and websites files" and "Cookies and website data"
Click on Delete

In Mozilla Firefox

1. In the top-right corner of the browser window click the menu button
    Choose History, and then Clear Recent History.
    In time range to clear, select "Everything"
    In the Details section, select "Cookies" and "Cache"
    Click on "Clear now"
2. In the top-right corner of the browser window click the menu button
    Choose Options > Advanced > Network >
    In "Offline Web Content and User Data" section click on "Clear Now"

In Google Chrome

1. In the top-right corner of the browser window, click the Chrome menu
    Choose History.
    Click the button Clear browsing data. A dialog will appear.
    From the drop-down menu, select "the beginning of time."
    Check the boxes "Cookies, site, and plug-in data" and "Cache"
    Click the button Clear browsing data.
2. Open the following url with the Chrome browser: chrome://appcache-internals/
    If there is an entry related to the target hmc, click the corresponding "Remove" link

Other web browser considerations

Session cookies need to be enabled in order for ASMI to work when connected to HMC remotely. The ASM proxy code saves session information and uses it.

Internet Explorer

1. Click Tools > Internet Options.
2. Click the Privacy tab and select Advanced.
3. Determine whether Always allow session cookies is checked.
4. If not checked, select Override automatic cookie handling and Always allow session cookies.
5. For the First-party Cookies and Third-party Cookies, choose block, prompt, or accept. Prompt is preferred, in which case you are prompted every time a site tries to write cookies. Some sites need to be allowed to write cookies.

Firefox

1. Click Tools > Options.
2. Click the Cookies Tab.
3. Select Allow sites to set cookies.
   If you want to allow only specific sites, select Exceptions, and add the HMC to allow access.