Hardware Management Console Readme For use with Version 8 Release 8.2.0 Service Pack 3 Updated: 27 February 2017 Contents The information in this Readme contains fix list and other package information about the Hardware Management Console. * PTF MH01688 <#MH01688> * Package information <#package> * List of fixes <#fixes> * Installation <#install> * Additional information <#additional> PTF MH01688 This package includes a fix for HMC Version 8 Release 8.2.0 Service Pack 3. You can reference this package by APAR MB04077 and PTF MH01688. This image must be installed on top of HMC Version 8 Release 8.2.0 SP3 (PTF MH01583) with or without additional fixes. Note: This PTF supersedes MH01667 and MH01678. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01688.iso 545390592 8162f50423f86bed71ecefa9b0cb2f3d04e592d2 MB04077 MH01688 Splash Panel information (or lshmc -V output) "version= Version: 8 Release: 8.2.0 Service Pack: 3 HMC Build level 20170207.1 MH01688: Fix for HMC V8R8.2.0 SP3 (02-07-2017) ","base_version=V8R8.2.0 " Known Issues 1.*Special Install Instructions: *Installing this PTF using the Enhanced+ interface may hang. Prior to installing this PTF using the web browser graphical interface perform the following: 1. Log in again selecting the Log In option of "Classic". 2. If already logged in to the HMC using Enhanced GUI, log off the HMC. 3. Install using the normal installation instructions. Alternatively, install this PTF using the CLI updhmc command. 2. After applying Service Pack 3 (PTF MH01583), discard any older backups and take a new backup. When taking a backup, specify the current fix level (lshmc -V output) in the backup description field to help identify the fix level the backup was taken from. Before restoring a backup, apply the same fix level (service pack and iFix) that the backup was taken on. If this is not followed the restore may produce unpredictable results. List of fixes *General fixes* * Fixed an issue that caused the following problems to occur after installing PTF MH01678: o Custom HMC users are unable to log in to the HMC GUI and receive "/Console Internal Error. Details: HTTP status code: 500 The server encountered an internal error that prevented it from fulfilling this request./" The user can log in via ssh however attempting to run most commands fails with "/HSCL8016 An unknown error occurred while trying to perform this command. Retry the command. If the error persists, contact your software support representative/." o All custom users lose their task role assignment and any custom managed resource role assignment. Users hscroot, root, and hscpe (if created) are not impacted. o One or more custom task roles may be deleted. Recovery Instructions if MH01678 is already applied. These instructions apply _only_ if MH01678 was installed prior to MH01688. If an HMC backup management console data exists at a known fix level of Service Pack 3 prior to iFix MH01678, then the backup can be restored. Perform a clean install of the HMC, apply Service Pack 3 with the same iFix PTF that the backup was taken with, restore the backup, then apply MH01688. Otherwise, to recover from the issue with MH01678 already applied: 1. Log in to the HMC as hscroot. 2. (optional) Record the existing custom HMC users. The command "*lshmcusr --script | grep "taskrole=Undefined"*" can be used to record the existing users and their settings in a format that can be used on the create user command. 3. Remove all custom users. To delete all the custom users run the command: *rmhmcusr –t all* 4. Update the HMC to PTF MH01688. 5. Recreate the custom task roles (if impacted) If the roles exist on another HMC, HMC replication can be used to recreate the roles. 6. Recreate the custom users. If the users exist on another HMC, HMC replication can be used to recreate the users. Another option is to use the output of the *lshmcusr –script* command from step 2. Edit and correct the taskrole and resourcerole fields, optionally add a passwd field to avoid the password prompt, then create the user. _Example_: mkhmcusr -i "name=cs2,taskrole=hmcsuperadmin,description=CS2 HMC user,pwage=99999,resourcerole=ALL:,authentication_type=local,remote_webui_access=1,remote_ssh_access=1,min_pwage=0,session_timeout=0,verify_timeout=15,idle_timeout=0,inactivity_expiration=0,passwd=abc1234" Note: If the users are deleted after apply of MH01688 an additional reboot may be required. *Previously released fixes also included in this PTF: * * MH01678* 01/30/17 * Fixed Apache Tomcat vulnerabilities CVE-2016-6816, CVE-2016-6817 and CVE-2016-0762 * Enabled TLSv1.2 on HMC port 12443 when HMC is in Legacy mode. * Removed support for all Triple DES ciphers from the Web UI (HMC ports 443 and 12443) to address vulnerability: CVE-2016-2183 * Fixed a problem causing a blank window to be opened when the ASM interface for a server is launched when the server is in Failed Authentication state. * Fixed an issue where HMC performance degrades over time until the command server and/or web servers hang requiring a reboot to resolve. Logs will show a large number of blocked threads for the unified JRE and may include an error of "too many open files". The issue is typically seen on HMCs where external scripts are running dozens or hundreds of commands. * Fixed a problem that caused the lpar_netboot command to fail with the error "/The system has no more ptys. Ask your system administrator to create more./" * MH01667* 11/21/16 * Fixed multiple OpenSSL vulnerabilities: CVE-2016-2180, CVE-2016-2182, and CVE-2016-6306 * Added DST timezone changes for Turkey, leap second to 31 Dec 2016. * Fixed a problem that caused the WWPN and WWNN information for Fibre Channel adapters to be missing from system plans created on the HMC. This problem only occurs for Quad port Fibre Channel adapters. * Changed the HMC install process to report the error SRC E3558801 when the installation of a service pack or iFix fails due to a rare RPM installation failure. Prior to this fix, the service pack or iFix installation appeared to finish successfully. Back to top <#ibm-content> Installation *Special Install Instructions: *Installing this PTF using the Enhanced+ interface may hang. Prior to installing this PTF using the web browser graphical interface perform the following: 1. Log in again selecting the Log In option of "Classic". 2. If already logged in to the HMC using Enhanced GUI, log off the HMC. 3. Install using the normal installation instructions. Alternatively, install this PTF using the CLI updhmc command. Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 8 Installation methods for HMC Version 8 fixes Instructions and images for upgrading via a remote network install can be found here: HMC V8 network installation images and installation instructions Additional information Notes: 1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service. 2. This image requires DVD -R media. 3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted. 4. The *updhmc* command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example: updhmc -t s -h -f -u -i In all cases, the HMC application extracts the files needed to install the corrective service. Back to top <#ibm-content>