Hardware Management Console Readme For use with Version 8 Release 8.6.0 Date: 8 September 2017 (C) Copyright International Business Machines Corp., 2017 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MH01718 <#MH01718> * Package information <#package> * Known Issues <#known> * List of fixes <#fixes> * Installation <#install> * Additional information <#additional> PTF MH01718 This package includes fixes for HMC Version 8 Release 8.6.0 Service Pack 1. You can reference this package by APAR MB04103 and PTF MH01718. This image must be installed on top of HMC Version 8 Release 8.6.0 Service Pack 1 (PTF MH01656) with or without additional fixes. Note: This PTF supersedes MH01695, MH01698 and MH01703. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01718.iso 1637341184 a5782aa1b0a64c79a50ebdaa684213404ba69c12 MB04103 MH01718 Splash Panel information (or lshmc -V output) "version= Version: 8 Release: 8.6.0 Service Pack: 1 HMC Build level 20170802.1 MH01718: Fix for HMC V8R8.6.0 SP1 (08-04-2017) ","base_version=V8R8.6.0 " Known Issues:* * *_Special Install Instructions_* When installing PTF MH01718 using ftp or removeable media through the Classic GUI "Install Corrective Service" task, the GUI hangs and does not proceed to completion The last progress message shown is: Verifying Certificate Information Authenticating Install Packages Installing Packages --- Installing ptf-req .... --- Installing baseOS updates .... If the task is currently hung, remote users can recover by clicking the upper right X in the pop-up window for the install task. This will disconnect the user from the session. Login in as the same user and reconnect to the disconnected session. The pop-up will return. Verify it shows the completion of the task. Proceed with rebooting the HMC. For other situations wait at least 10 minutes to allow the task to complete then reboot the HMC. After the reboot verify the fix shows installed in the lshmc -V output. Workaround: Use the Enhanced UI or CLI updhmc through remote ssh. List of fixes *Security Fixes* * Fixed HTTPD vulnerabilities: CVE-2016-0736, CVE-2016-2161, CVE-2016-8743 * Fixed libtirpc vulnerability: CVE-2017-8779 * Fixed kernel vulnerabilities: CVE-2015-8374, CVE-2015-8844, CVE-2015-8845, CVE-2015-8956, CVE-2016-2053, CVE-2016-2117, CVE-2016-2847, CVE-2016-3156, CVE-2016-5828, and CVE-2016-10229 * Fixed BIND vulnerabilities: CVE-2017-3136, CVE-2017-3137, CVE-2017-3138, CVE-2017-3139, CVE-2017-3142 and CVE-2017-3143 * Fixed IBM WebSphere Application Server vulnerability: CVE-2017-1194 *General fix* * Updated the certificate expiration date for the vterm applet. *Previously released fixes also included in this PTF: * * MH01703* 06/19/17 * This PTF enables AIX and Linux operating system performance data collection for display by the IBM Cloud Management Console performance application. The operating system performance data includes kernel and user CPU usage percentages. * Removed support for all ciphers that use a Diffie-Hellman modulus of 1024 bits or less from HMC ports 9920, 9960 and 12443. This change was made to address the following vulnerability: SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) * Disabled client-initiated renegotiation for HMC port 9960 * Fixed a problem that caused the restart of the OpenSSH server to fail when the chhmcencr command was used to change the supported ciphers for the HMC SSH interface. Without this fix, you must restart the HMC for the change to take effect. * Fixed various issues with the enhanced GUI partition activation wizard. * Fixed a problem causing NTP service enablement from the HMC GUI to silently fail even though the GUI indicated the NTP service was successfully enabled and started. * Fixed a problem that caused Fibre Channel mappings for devices assigned to a running partition to be removed using force when a virtual optical device is added to or removed from a running partition using the Enhanced GUI. Since the mappings are removed using the force option, this can cause a running partition to crash. * Fixed an issue that caused the generation and call home of SRC E212E134 to report that the HMC /var file system size exceeded the threshold limit of 80%. This problem can only occur if the HMC is configured to transmit performance management information to a service provider and the HMC is managing a large number of partitions. * Fixed a problem where using the chsacfg command to add an email address for event notification failed with the error "/An invalid parameter value was entered. The parameter -a is empty or not valid. Please check your entry and retry the command./". This problem only occurs when the domain name in the email address starts with a number. * Increased the internal HMC timeout that affects all REST API and enhanced GUI operations from 10 minutes to 1 hour. When this timeout occurs, an error such as /"//502 Proxy Error/" or /"//The proxy server received an invalid response from an upstream server."/ is returned although the operation that was started continues to run. Note that many REST API and enhanced GUI operations have separate timeouts that are shorter than 1 hour and those timeouts are not affected by this change. * Fixed another problem with the View Network Topology GUI task that can cause the IP address and managed system information to be missing for the configured HMC Ethernet interfaces. * Fixed a problem that caused RMC issues after updating the HMC to V8R8.6.0 Service Pack 1. Symptoms include failing DLPAR and partition migration operations, inactive RMC daemons on partitions that won't stay active after they have been restarted, and numerous B303000F errors logged in the console event log due to RMC nodes going up and down. * Fixed a rare issue that can cause a server to go into Incomplete state after installing the HMC due to missing virtual Switch IDs in a partition profile. * Fixed a problem where the GUI Console > Open Terminal Windows (vterm) task used a different URL then the URL of the GUI session. Symptoms may include: o A vterm connection error due to resolving an incorrect HMC ip address with errors such as "/The connection has timed out. The server at x.x.x.x is taking too long to respond" where "x.x.x.x" is not the HMC's open interface used for remote access/" o Certificate errors/warnings regarding the certificate host name such as "/Your connection is not secure. The owner of has configured their website improperly. uses an invalid security certificate// //The certificate is only valid for the following names : // //Error code: SEC_ERROR_UNKNOWN_ISSUER"/ * Fixed another problem that resulted in the false report of SRC E2FF1800 when transmitting performance management information from an HMC that was managing a large number of partitions. * Fixed an issue that could cause Live Kernel Update to fail if any partition on any server managed by the HMC has one or more virtual NICs configured. * Fixed a problem with remote restart where partition settings stored in NVRAM were not copied to the destination server. This can result in multiple symptoms such as partition date/time being reset to epoch (1st jan 1970) and/or cloud init being re-run resulting in loss of settings such as the partition IP address. The current version of AIX supported for Cloud-init are: AIX 7.1 TL3 SP5 (7100-03-05) AIX 6.1 TL9 SP5 (6100-09-05) These two latest service packs of AIX introduce a new device attribute on sys0 device called clouddev. The role of the clouddev attribute is to replace the ghostdev attribute which is used to reset ODM customization when virtual machine is booted on another host or with a different lpar id, for example a remote restart operation or an inactive live partition mobility operation. * Fixed the HMC LDAP configuration to ignore the case of LDAP user names when LDAP is already configured on the HMC. * Fixed a problem where after applying PTF MH01698, HMC users configured for LDAP authentication cannot log into the HMC if the LDAP user DN includes special characters. * MH01698* 05/16/17 * This PTF is the minimum level required to enable the cloud connector feature of the IBM Cloud Management Console (CMC) for Power Systems Software-as-a-Service. Please see http://www.ibm.com/systems/power/software/cloud-management-console for more information on CMC. * Fixed an issue that caused the chhmc command to enable or disable jumbo frames to always fail. * Fixed a problem causing the HMC backup critical console data operation to fail with one of the following errors: "/HSCLA500 An internal error occurred. Try the operation again. If the operation continues to fail, contact your service representative./" or "/Backup of table data from database has failed. HSCP0108/". With this fix, if the user requested to include Performance and Capacity Monitoring (PCM) data in the backup and the backup of that data fails, the GUI will display a warning message, and if the user ran the bkconsdata command to perform the backup, the command will fail. If the user requested to not include PCM data in the backup, failures to connect to the PCM database will not cause the backup operation to fail. * Fixed another issue that prevented a system user with the name operator from being removed and an HMC user with the name operator from being created. * Changed the default font used in the restricted shell terminal window so that it is more readable. If a different font is desired, follow these steps in the restricted shell terminal window to change the font: 1. Ctrl+right mouse click on the terminal window 2. Select the Font tab 3. Click the Select button on the row that starts with "Font name" 4. Select the font desired 5. Click Apply then click OK 6. Click Save&Exit on the Font tab window * Fixed a problem that prevented a change to the HMC date or time from being persisted after an HMC reboot. * Fixed an issue that caused SRC E212E13D to be generated and called home due to a full /var/hsc/log file system on the HMC. This problem can occur when there is frequent login and logout activity on the HMC. * Suppressed the logging of the mkauthkeys -g command in the console event log. * Fixed a remote restart validation issue that caused the remote restart partition being validated to lose contact with its configured virtual fibre channel device and hang. This problem only occurs if the partition has virtual fibre channel adapters and the remote restart validation is done while the partition is running. With this fix, virtual fibre channel configuration is no longer validated during remote restart validation when the partition is running. To validate a partition's virtual fibre channel configuration, you must perform the remote restart validation when the partition is shutdown. * Fixed a rare issue where HMC performance degrades over time until the command server and/or web servers hang requiring an HMC reboot to resolve. Logs will show a large number of partition surveillance events and blocked threads and may also include out of memory errors. This issue can occur when network connectivity issues repeatedly occur between the HMC and large numbers of partitions over a short period of time. * Fixed an issue that prevented customer notification (email and SNMP trap) from occurring for serviceable events with a "Notification type" of "Service Action (Customer notification) Required". "Call Home Required" events were not impacted. * MH01695* 01/30/17 * Fixed a security issue with the Firefox browser on the local HMC console. * Fixed an occurrence of a password specified on a command from being logged in clear text. * Fixed several issues with the enhanced GUI where IBM i partition tasks for Serviceability > Serviceability > Control Panel functions do not work or cannot be accessed. Fixed a problem that caused a DLPAR memory operation to fail with the error "/HSCL03F9 Not enough memory resources to meet the allocation setting./" This problem only occurs if memory is being added to a partition and the new total amount of memory assigned to the partition exceeds the amount of memory currently available on the managed system. In addition, this problem only occurs when the DLPAR operation is performed using the enhanced GUI, the REST API, or the chhwres command with the -o s option. * Fixed the HMC LDAP configuration to ignore the case of LDAP user names. * Fixed a problem causing the HMC backup critical console data operation to fail with one of the following errors: "/HSCLA500 An internal error occurred. Try the operation again. If the operation continues to fail, contact your service representative./" or "/Backup of table data from database has failed. HSCP0108./" With this fix, the backup operation will continue and no error will be reported to the user if the performance monitoring data backup fails. * Fixed a problem that prevented the Power enterprise pool sync operation and managed system rebuild operation from correcting the number of installed processors and memory shown in the Power enterprise pool data for a server. This problem only occurs after additional processors or memory are installed on a server in a Power enterprise pool. * Fixed an issue where files that had not been modified in the previous 10 days were automatically deleted from the /tmp directory on the HMC. * Fixed a problem that caused an active partition migration operation to fail with the error "/HSCLA219 The partition cannot be migrated because one of the specified mover service partitions (MSPs) is not valid. Select a new MSP pair, and then try the operation again./" This problem only occurs when the migrating partition does not have any virtual storage adapters configured and when the firmware on the source managed system is at version 860 or higher. * Fixed an rsyslog issue that caused no logging to /var/log/messages and VIOS network install (installios) attempts to fail with "/nimol_config ERROR: Failed to restart rsyslog/". This problem only occurs after upgrading to HMC V8 R8.6.0. * Fixed an issue that prevented the RMC fix in PTF MH01674 from being applied. * Fixed a rare issue that caused the generation and call home of SRC E3550046. This issue can occur only if PCM energy monitoring is enabled for a server. * Fixed a problem on the enhanced GUI where a partition state of "None" may be displayed for some partitions. * Fixed an issue that caused SRC E212E136 to be generated and called home due to a full "/" file system on the HMC. The HMC file system was filling up with java core dump files due to a timing issue that can occur when PCM data collection is enabled. * Fixed an issue that caused an exception during repair of the DCCA on bulk power systems. Installation Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 8 Installation methods for HMC Version 8 fixes Instructions and images for upgrading via a remote network install can be found here: HMC V8 network installation images and installation instructions Additional information Notes: 1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service. 2. This image requires DVD -R media. 3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted. 4. The *updhmc* command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example: updhmc -t s -h -f -u -i In all cases, the HMC application extracts the files needed to install the corrective service.