Hardware Management Console Readme

For use with Version 8 Release 8.5.0 SP1

Updated: 7 February 2017

Contents

The information in this Readme contains the fix list and other package information about the Hardware Management Console.

PTF MH01681

This package include a fix for HMC from HMC Version 8 Release R8.5.0 Service Pack 1. You can also reference this package by PTF MH01681 and APAR MB04065.  This image must be installed on top of HMC Version 8 Release 8.5.0 Service Pack 1 (PTF MH01633) with or without additional PTFs.

Note: This PTF supersedes MH01664, MH01663, MH01669, and MH01673.

Package information
Package name Size Checksum (sha1sum) APAR# PTF#
MH01681.iso 1622833152 fb73231a617eebb917ef91fef9cce8256de46cb1
MB04065 MH01681
Splash Panel information (or lshmc -V output)

"version= Version: 8
 Release: 8.5.0
 Service Pack: 1
 HMC Build level 20170124.1
MH01681: Fix for HMC V8R8.5.0 SP1 (01-24-2017)
 ","base_version=V8R8.5.0
 "

Install Notes

1. Special Install Instructions: Installing this PTF using the Enhanced+ interface may hang.  Prior to installing this PTF using the web browser graphical interface perform the following:
1.    Log in again selecting the Log In option of "Classic".
2.    If already logged in to the HMC using Enhanced GUI, log off the HMC.
3.    Install using the normal installation instructions.
Alternatively, install this PTF using the CLI updhmc command.

List of fixes


Security fixes

General fixes

Previously released fixes also included in this PTF:





MH01673

12/9/16
  • Improved the performance of the Enhanced GUI, REST API interface and HMC command line for non-hscroot custom HMC users that have a task role of hmcsuperadmin and a resource role of AllSystemResources.
  • Fixed an issue with pedbg log collection that caused ctsnap_out data to be missing and also could cause SRC E212E136 to be called home due to /tmp filling up with ctsnap data.
  • Fixed a problem that caused various operations that use RMC to fail. Failing operations include PowerVC operations, DLPAR operations, the Enhanced GUI, and the lspartition command.  Symptoms include:
    • PowerVC logging REST API error "2610-639 The user could not be authenticated by the RMC subsystem"
    • lspartition -dlpar returning "Can't start local session rc=39!"
    • diagrmc including error "2612-024 Could not authenticate user."
    The recovery is to reboot the HMC.  This problem only impacts HMC V8R8.5.0 SP1 (PTF MH01633) with or without earlier iFixes.




MH01669

11/21/16
  • Added DST timezone changes for Turkey, leap second to 31 Dec 2016.
  • Changed the HMC install process to report the error SRC E3558801 when the installation of a service pack or iFix fails due to a rare RPM installation failure.  Prior to this fix, the service pack or iFix installation appeared to finish successfully.
  • Fixed another issue to prevent call home SRC E3D46FFF combined with System_Auth SRC E3D43104 due to a scheduled change credential password task that no longer is needed.
  • Fixed a problem that caused a blank window to be opened when the ASM interface for a server is launched.  This problem only occurs for servers which have newer versions of POWER 8 system firmware installed.
  • Fixed a problem in the Manage Software Service Information Transmission GUI window that sometimes prevented a partition from being successfully added to or removed from the list of partitions from which to collect software service information to call home even though no error was reported. This problem can only occur when the partition being added or removed has the same partition ID as another partition on another managed system the HMC is managing.
  • Fixed multiple OpenSSL vulnerabilities: CVE-2016-2180, CVE-2016-2182, and CVE-2016-6306




















MH01663

10/20/2016
  • Fixed a rare timing issue that can cause a partition migration operation to incorrectly fail with error "HSCL2957 Either there is currently no RMC connection between the management console and the partition <target partition> or the partition does not support dynamic partitioning operations" even though the RMC connection is actually active. 
    Circumvention: Confirm that the HMC lssyscfg -r lpar -m <managed system name> -Frmc_state command shows the RMC connection is active then try the partition migration operation again.
  • Fixed an issue where system initiated System Dump files were not being automatically called home.
  • Fixed a problem causing communication problems between the master HMC and the other HMCs managing a Power enterprise pool.  This problem only occurs if the first HMC added to a pool has the same private IP address as the master HMC, which causes the master HMC to set its IP address for pool communication to that private IP address (you can confirm this by displaying the master HMC's IP address via the Power enterprise pool GUI or the lscodpool command).  Symptoms include the inability to perform pool operations from managing HMCs, and an HMC  connection status of unavailable or Unknown.  If you have already been affected by this problem, after installing this service pack you must remove all of the managing HMCs from your pool, then add them all back.  This action will correct the master HMC's IP address.
  • Fixed a problem that caused every attempt to add a managing HMC to a Power enterprise pool to fail with the error "The operation sent to management console <IP> has timed out."  This problem occurs only if one of the following conditions is true: 1. The master HMC has an unconfigured Ethernet interface numbered lower than the interface used for HMC-HMC communication; 2. The IP address for an Ethernet interface numbered lower than the interface used for HMC-HMC communication or the IP address of the Ethernet interface used for HMC-HMC communication is updated on the master HMC and the HMC is not restarted after the update.  To work around this problem, reconfigure the master HMC's Ethernet interfaces so that the Ethernet interface to be used for HMC-HMC communication is numbered lower than any unconfigured interfaces, then restart the HMC.
  • Fixed a problem where some GUI views of system firmware levels such as the Updates,  System Code Levels table incorrectly show a deferred level of none (or blank) when a deferred level exists.
  • Fixed an issue causing the update of I/O device microcode from IBM microcode CD/DVD to fail with "HSCF0179W Operation was partially successful for <target>.
    An error occurred while attempting to update I/O microcode on <target>: An error occurred copying a file from the CDROM.  First verify the correct media is inserted in the drive, that there is space available on the target system, then try the operation again."
  • Fixed a rare error that can occur when the HMC is processing a property change event for a tree node representing a managed object or group while a managed system is being added to the HMC.  This error caused SRC E3551040 to be generated and called home.
  • Fixed a problem with persisted service data that can impact HMC model CR9s.  Symptoms include: all dumps from the managed server being deleted immediately after offload; new serviceable events reported by the server being discarded without a serviceable event being opened on the HMC.
  • Fixed a problem that caused the wrong HMC machine type, model and serial number to be displayed on the following HMC GUI screens: Service Management -> Enable Electronic Service Agent and Service Management -> Manage Inbound Connectivity -> Prepare -> Remote Service Session.  This problem occurs on CR9 model HMCs only.
  • Fixed a problem causing partition migration operations performed by PowerVC to fail when the ibmpowervm_mover_service_partitions attribute is specified in the nova.conf files.  This problem occurs only with Virtual I/O Server versions 2.2.4 and later.
  • Fixed IBM Websphere Application Server (WAS) vulnerabilities: CVE-2016-0378 and CVE-2016-5986.
  • Fixed Apache Tomcat vulnerability: CVE-2016-3092.
  • Set the X-Frame-Options HTTP response header from all HMC /dashboard URLs to instruct the browser to not allow framing from other domains. This change is intended to prevent Clickjacking attacks.
  • Disabled TLS 1.0 for HMC port 443 in legacy security mode.



MH01664

09/24/16
  • Fixed a problem causing the WLP server not to start after the HMC is rebooted, causing the REST API functions to not be available.  This impacts the enhanced GUI login, PowerVC, PCM and any other function that utilizes the REST API on the HMC.  This problem only occurs if the user runs the save upgrade data task and subsequently reboots the HMC without actually performing an HMC upgrade.  This fix prevents the problem from occuring again and also repairs HMCs previously impacted.
  • Fixed reports of 1100C001 and 1100C002 during an FSP repair procedure to be informational SRCs and not call home.
  • Fixed an issue where applying a fix or service pack could cause a user that launches vterm or other applets remotely to encounter a security error.  The java console log will show error "javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name" even though the host name is correct.
  • Fixed the HMC readme content link when launched from the HMC GUI

Installation

Special Install Instructions: Installing this PTF using the Enhanced+ interface may hang.  Prior to installing this PTF using the web browser graphical interface perform the following:
1.    Log in again selecting the Log In option of "Classic".
2.    If already logged in to the HMC using Enhanced GUI, log off the HMC.
3.    Install using the normal installation instructions.
Alternatively, install this PTF using the CLI updhmc command.

Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations:

Installation methods for HMC Version 8 fixes

Instructions and images for upgrading via a remote network install can be found here:

HMC V8 network installation images and installation instructions

Additional information

Notes:

  1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service.
  2. This image requires DVD -R media.
  3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted.
  4. The updhmc command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example:
    updhmc -t s -h <myservername> -f </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install the corrective service.