Hardware Management Console Readme

For use with Version 8 Release 8.4.0 SP2

Date: 27 April 2017
(C) Copyright International Business Machines Corp., 2017 All rights reserved.

Contents

The information in this Readme contains fix list and other package information about the Hardware Management Console.


PTF MH01693

This package includes fixes for HMC V8 R8.4.0 Service Pack 2.  You can also reference this package by PTF MH01693 and APAR MB04081.  This image can be installed on top of HMC Version 8 Release 8.4.0 Service Pack 2 (PTF MH01620) with or without additional fixes.

Note 1: This PTF supersedes MH01662, MH01665, MH01668, MH01680, and MH01684.
Note 2: An HMC backup created after installing PTF MH01693 must only be restored on V8 R8.4.0 with Service Pack 2 plus PTF MH01665 or later installed.

Package information
Package name Size Checksum (sha1sum) APAR# PTF#
MH01693.iso 175593676 7a846c1a706618c93384b30f432513592e5fea1a
MB04081 MH01693
Splash Panel information (or lshmc -V output)

"version= Version: 8
Release: 8.4.0
Service Pack: 2
HMC Build level 20170406.1
MH01693: Fix for HMC V8R8.4.0 SP2 (04-12-2017)
","base_version=V8R8.4.0
 "

Install Notes

Special Install Instructions: Installing this PTF using the Enhanced+ interface may hang.  Prior to installing this PTF using the web browser graphical interface perform the following:
1.    Log in again selecting the Log In option of "Classic".
2.    If already logged in to the HMC using Enhanced GUI, log off the HMC.
3.    Install using the normal installation instructions.
Alternatively, install this PTF using the CLI updhmc command.

List of fixes

Security fixes
General fix

Previously released fixes also included in this PTF:



MH01684

03/21/17
  • Fixed BIND vulnerability: CVE-2016-9147
  • Fixed openSSH vulnerability:  CVE-2015-8325
  • Fixed multiple NTP vulnerabilities: CVE-2016-7426, CVE-2016-7429, CVE-2016-7433, CVE-2016-9310, and CVE-2016-9311
  • Fixed openSSL vulnerabilities: CVE-2016-8610 and CVE-2017-3731
  • Fixed a race condition to prevent the generation and call home of SRC E3551172.






MH01680

01/30/17
  • Fixed Apache Tomcat vulnerabilities: CVE-2016-6816, CVE-2016-6817 and CVE-2016-0762
  • Fixed BIND vulnerability: CVE-2016-8864
  • Disabled HTTP compression for the necessary URIs and data types to fix vulnerability: CVE-2013-3587
  • Removed support for all Triple DES ciphers from the Web UI (HMC ports 443 and 12443) to address vulnerability: CVE-2016-2183
  • Fixed an issue where HMC performance degrades over time until the command server and/or web servers hang requiring a reboot to resolve.  Logs will show a large number of blocked threads for the unified JRE and may include an error of "too many open files".  The issue is typically seen on HMCs where external scripts are running dozens or hundreds of commands.
  • Fixed a problem causing a blank window to be opened when the ASM interface for a server is launched when the server is in Failed Authentication state.
  • Improved the performance of the Enhanced GUI, REST API interface and HMC command line for non-hscroot custom HMC users that have a task role of hmcsuperadmin and a resource role of AllSystemResources.
  • Fixed an issue causing call-home to fail if the HMC that opened the problem could not connect to IBM, even if another call-home server console was configured.
  • Fixed an issue where email notifications for HMC reported service events were not sent when the failing machine type and model differs from the underlying model type of the POWER server (for example the 5146-GL6 Elastic Storage Server systems). 



MH01668

11/21/16
  • Added DST timezone changes for Turkey, leap second to 31 Dec 2016.
  • Changed the HMC install process to report the error SRC E3558801 when the installation of a service pack or iFix fails due to a rare RPM installation failure.  Prior to this fix, the service pack or iFix installation appeared to finish successfully.
  • Fixed another issue to prevent call home SRC E3D46FFF combined with System_Auth SRC E3D43104 due to a scheduled change credential password task that no longer is needed.
  • Fixed a problem that caused a blank window to be opened when the ASM interface for a server is launched.  This problem only occurs for servers which have newer versions of POWER 8 system firmware installed.
  • Fixed multiple OpenSSL vulnerabilities: CVE-2016-2180, CVE-2016-2182, and CVE-2016-6306

















MH01665

10/20/16
  • Fixed a problem with persisted service data that can impact HMC model CR9s.  Symptoms include: all dumps from the managed server being deleted immediately after offload; new serviceable events reported by the server being discarded without a serviceable event being opened on the HMC.
  • Fixed a problem that caused the wrong HMC machine type, model and serial number to be displayed on the following HMC GUI screens: Service Management -> Enable Electronic Service Agent and Service Management -> Manage Inbound Connectivity -> Prepare -> Remote Service Session.  This problem occurs on CR9 model HMCs only.
  • Fixed a problem with backup and restore tasks where after restoring a backup and rebooting the HMC users may not be able to login to the HMC GUI and all REST API connection requests are rejected.   After applying this fix,  perform a new HMC backup and discard any older backups.  After a scratch install of the HMC, this PTF should be applied prior to restoring the backup.
  • Fixed a rare timing issue that can cause a partition migration operation to incorrectly fail with error "HSCL2957 Either there is currently no RMC connection between the management console and the partition <target partition> or the partition does not support dynamic partitioning operations" even though the RMC connection is actually active. 
    Circumvention: Confirm that the HMC lssyscfg -r lpar -m <managed system name> -F rmc_state command shows the RMC connection is active then try the partition migration operation again.
  • Fixed an issue where system initiated System Dump files were not being automatically called home.
  • Fixed a problem where some GUI views of system firmware levels such as the Updates,  System Code Levels table incorrectly show a deferred level of none (or blank) when a deferred level exists.    
  • Fixed a problem that resulted in a false report of SRC E2FF1801 and SRC E2FF1800.  These SRCs typically occur when running the software or performance inventory tasks on an HMC that is managing a large number of servers even though the inventory tasks complete successfully.
  • Fixed an issue causing the update of I/O device microcode from IBM microcode CD/DVD to fail with "HSCF0179W Operation was partially successful for <target>.An error occurred while attempting to update I/O microcode on <target>:An error occurred copying a file from the CDROM.  First verify the correct media is inserted in the drive, that there is space available on the target system, then try the operation again."
  • Fixed a problem that caused E2FF4304 SRCs to be generated during HMC PTF installation.
  • Fixed a problem with the vterm console window on the local HMC console that prevented the window from resizing when the font size for the window was made larger.  This problem could prevent the user from being able to see the entire contents of the console window.
  • Fixed a rare error that can occur when the HMC is processing a property change event for a tree node representing a managed object or group while a managed system is being added to the HMC.  This error caused SRC E3551040 to be generated and called home.
  • Fixed a problem causing partition migration operations performed by PowerVC to fail when the ibmpowervm_mover_service_partitions attribute is specified in the nova.conf files.  This problem occurs only with Virtual I/O Server versions 2.2.4 and later.
  • Fixed IBM Websphere Application Server (WAS) vulnerabilities: CVE-2016-0378 and CVE-2016-5986.
  • Fixed Apache Tomcat vulnerability: CVE-2016-3092.
  • Set the X-Frame-Options HTTP response header from all HMC /dashboard URLs to instruct the browser to not allow framing from other domains. This change is intended to prevent Clickjacking attacks.
  • Disabled TLS 1.0 for HMC ports 443, 9920 and 9960 in legacy security mode.

MH01662

06/23/16

  • Fixed a problem causing the WLP server not to start after the HMC is rebooted, causing the REST API functions to not be available.  This impacts the enhanced GUI login, PowerVC, PCM and any other function that utilizes the REST API on the HMC.  This problem only occurs if the user runs the save upgrade data task and subsequently reboots the HMC without actually performing an HMC upgrade.  This fix repairs HMCs previously impacted.

Installation

Special Install Instructions: Installing this PTF using the Enhanced+ interface may hang.  Prior to installing this PTF using the web browser graphical interface perform the following:
1.    Log in again selecting the Log In option of "Classic".
2.    If already logged in to the HMC using Enhanced GUI, log off the HMC.
3.    Install using the normal installation instructions.
Alternatively, install this PTF using the CLI updhmc command.

Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations:

Installation methods for HMC Version 8 fixes

Instructions and images for upgrading via a remote network install can be found here:

HMC V8 network installation images and installation instructions

Additional information

Notes:

  1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service.
  2. This image requires DVD -R media.
  3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted.
  4. The updhmc command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example:
    updhmc -t s -h <myservername> -f </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install the corrective service.