Hardware Management Console Readme

For use with Version 8 Release 8.2.0 Service Pack 3
Updated: 27 February 2017

 

Contents

The information in this Readme contains fix list and other package information about the Hardware Management Console.

PTF MH01688

This package includes a fix for HMC Version 8 Release 8.2.0 Service Pack 3.  You can reference this package by APAR MB04077 and PTF MH01688. This image must be installed on top of HMC Version 8 Release 8.2.0 SP3 (PTF MH01583) with or without additional fixes.

Note: This PTF supersedes MH01667 and MH01678.

Package information
Package name Size Checksum (sha1sum) APAR# PTF#
MH01688.iso 545390592 8162f50423f86bed71ecefa9b0cb2f3d04e592d2
 MB04077 MH01688
Splash Panel information (or lshmc -V output)

"version= Version: 8
Release: 8.2.0
Service Pack: 3
HMC Build level 20170207.1
MH01688: Fix for HMC V8R8.2.0 SP3 (02-07-2017)
 ","base_version=V8R8.2.0
"

Known Issues

1. Special Install Instructions: Installing this PTF using the Enhanced+ interface may hang.  Prior to installing this PTF using the web browser graphical interface perform the following:
1.    Log in again selecting the Log In option of "Classic".
2.    If already logged in to the HMC using Enhanced GUI, log off the HMC.
3.    Install using the normal installation instructions.
Alternatively, install this PTF using the CLI updhmc command.

2. After applying Service Pack 3 (PTF MH01583), discard any older backups and take a new backup. When taking a backup, specify the current fix level (lshmc -V output) in the backup description field to help identify the fix level the backup was taken from. Before restoring a backup, apply the same fix level (service pack and iFix) that the backup was taken on.  If this is not followed the restore may produce unpredictable results.

List of fixes

General fixes

Recovery Instructions if MH01678 is already applied.

These instructions apply only if MH01678 was installed prior to MH01688.

If an HMC backup management console data exists at a known fix level of Service Pack 3 prior to iFix MH01678, then the backup can be restored.  Perform a clean install of the HMC, apply Service Pack 3 with the same iFix PTF that the backup was taken with, restore the backup, then apply MH01688.
 
Otherwise, to recover from the issue with MH01678 already applied:
  1. Log in to the HMC as hscroot.
  2. (optional) Record the existing custom HMC users.
    The command "lshmcusr --script | grep "taskrole=Undefined"" can be used to record the existing users and their settings in a format that can be used on the create user command.
  3. Remove all custom users.
    To delete all the custom users run the command: rmhmcusr –t all
  4. Update the HMC to PTF MH01688.
  5. Recreate the custom task roles (if impacted)
    If the roles exist on another HMC, HMC replication can be used to recreate the roles.
  6. Recreate the custom users.
    If the users exist on another HMC, HMC replication can be used to recreate the users.  Another option is to use the output of the lshmcusr –script command from step 2.  Edit and correct the taskrole and resourcerole fields, optionally add a passwd field to avoid the password prompt, then create the user. 
    Example:  mkhmcusr -i "name=cs2,taskrole=hmcsuperadmin,description=CS2 HMC user,pwage=99999,resourcerole=ALL:,authentication_type=local,remote_webui_access=1,remote_ssh_access=1,min_pwage=0,session_timeout=0,verify_timeout=15,idle_timeout=0,inactivity_expiration=0,passwd=abc1234"
Note: If the users are deleted after apply of MH01688 an additional reboot may be required.

 
Previously released fixes also included in this PTF:


MH01678
01/30/17

  • Fixed Apache Tomcat vulnerabilities CVE-2016-6816, CVE-2016-6817 and CVE-2016-0762
  • Enabled TLSv1.2 on HMC port 12443 when HMC is in Legacy mode.
  • Removed support for all Triple DES ciphers from the Web UI (HMC ports 443 and 12443) to address vulnerability: CVE-2016-2183
  • Fixed a problem causing a blank window to be opened when the ASM interface for a server is launched when the server is in Failed Authentication state.
  • Fixed an issue where HMC performance degrades over time until the command server and/or web servers hang requiring a reboot to resolve.  Logs will show a large number of blocked threads for the unified JRE and may include an error of "too many open files".  The issue is typically seen on HMCs where external scripts are running dozens or hundreds of commands.
  • Fixed a problem that caused the lpar_netboot command to fail with the error "The system has no more ptys. Ask your system administrator to create more."


MH01667
11/21/16

  • Fixed multiple OpenSSL vulnerabilities: CVE-2016-2180, CVE-2016-2182, and CVE-2016-6306
  • Added DST timezone changes for Turkey, leap second to 31 Dec 2016.
  • Fixed a problem that caused the WWPN and WWNN information for Fibre Channel adapters to be missing from system plans created on the HMC.  This problem only occurs for Quad port Fibre Channel adapters.
  • Changed the HMC install process to report the error SRC E3558801 when the installation of a service pack or iFix fails due to a rare RPM installation failure.  Prior to this fix, the service pack or iFix installation appeared to finish successfully.



Back to top


Installation

Special Install Instructions: Installing this PTF using the Enhanced+ interface may hang.  Prior to installing this PTF using the web browser graphical interface perform the following:

1.    Log in again selecting the Log In option of "Classic".
2.    If already logged in to the HMC using Enhanced GUI, log off the HMC.
3.    Install using the normal installation instructions.
Alternatively, install this PTF using the CLI updhmc command.


Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations:

Upgrading or restoring HMC Version 8

Installation methods for HMC Version 8 fixes

Instructions and images for upgrading via a remote network install can be found here:

HMC V8 network installation images and installation instructions

Additional information

Notes:

  1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service.
  2. This image requires DVD -R media.
  3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted.
  4. The updhmc command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example:
    updhmc -t s -h <myservername> -f </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install the corrective service.

Back to top