Hardware Management Console Readme *Version 9 Release 1 Maintenance 931 (V9 R1 M931) README* Updated: 09 November 2020 (C) Copyright International Business Machines Corp., 2019 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * Terminology <#term> * PTF MH01831 <#MH01831> * PTF MH01832 <#MH01832> * List of fixes <#fixes> * Known issues <#known> * Installation <#install> Terminology *x86* - This term is used to reference the legacy HMC that runs on x86/Intel/AMD hardware for both the 7042 Machine Type appliances and the Virtual HMC that can run on the Intel hypervisors (KVM, VMWare, Xen). *ppc64 or ppc64le* - describes the Linux code that is compiled to run on Power-based servers or LPARS (Logical Partitions) *DNS* - Domain Name Server *GUI* - Graphical user interface *vHMC* - Virtual HMC. The HMC appliance that runs in supported VM Hypervisors PTF MH01831 HMC V9 R1.931.0 Service Pack - for 7042 Machine Types or vHMC for x86 hypervisors (5765-HMW) This package represents a service pack image that can be used to update your HMC from HMC V9 R1.910.0 to the HMC V9 R1.931.0 Service Pack. You can also reference this package by PTF MH01831 and APAR MB04219. This image can be installed on top of HMC Version 9 Release 1 910.0 Recovery installation PTF MH01733 with or without additional SPs or PTFs installed. * Service packs are cumulative and will include all the interim fixes for the PTFs released up to and including the last service pack(s) for this HMC version. Please read the individual Readme files for each PTF to see the list of interim fixes. NOTE: This Service Pack does include PTF MH01820. * *Installation note*: When installing this Service Pack to an HMC level that is prior to HMC9.1.930.0, first install PTF MH01813 to avoid installation failures due to not enough free disk space in root file system and false reports of E212E136 triggered during the PTF install. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# HMC_Update_V9R1M931_x86.iso 3802062848 22308032ac6668e0d992725edfc410d412f2389e MB04219 MH01831 Splash Panel information (or lshmc -V output) "version= Version: 9 Release: 1 Service Pack: 931 HMC Build level 1908192009 MH01831 - HMC V9R1 M931 ","base_version=V9R1 " PTF MH01832 HMC V9 R1.931.0 Service Pack - for 7063 Machine Types or vHMC for PowerVM (5765-HMB) This package represents a service pack image that can be used to update your HMC from HMC V9 R1.910.0 to the HMC V9 R1.931.0 Service Pack. You can also reference this package PTF MH01832 and APAR MB04220. This image can be installed on top of HMC Version 9 Release 910.0 Recovery installation PTF MH01735 with or without additional SPs or PTFs installed. * Service packs are cumulative and will include all the interim fixes for the PTFs released up to and including the last service pack(s) for this HMC version. Please read the individual Readme files for each PTF to see the list of fixes. NOTE: This Service Pack does include PTF MH01821. * *Installation note*: When installing this Service Pack to an HMC level that is prior to HMC9.1.930.0, first install PTF MH01814 to avoid installation failures due to not enough free disk space in root file system and false reports of E212E136 triggered during the PTF install. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# HMC_Update_V9R1M931_ppc.iso 3806312448 4ab0f444f28ca914ad4f8380e8ca0af6fc5b556c MB04220 MH01832 Splash Panel information (or lshmc -V output) "version= Version: 9 Release: 1 Service Pack: 931 HMC Build level 1908192009 MH01832 - HMC V9R1 M931 "," base_version=V9R1 " List of fixes *General fixes* * Fix for daily reporting of E3325009 between two consoles connected to the same managed server when the HMCs have multiple interfaces and only one interface can reach the peer HMC. This issue can also result in service events reported by the managed server not calling home. * Added 10GB media speed for network adapters installed in the 7063-CR1. * Fix to NTP where there was an issue with the hwclock sync in the OS when the hwclock is configured with the wrong time. * Fix to prevent the call home of SRC E212E114 by reducing the memory usage of ccfw,wlp,esa and performance monitor processes. * Updated LDAP client on HMC to use TLSv1.2 for LDAP user management. * Fixed a GUI performance issue that impacts IBM i partitions when RMC is enabled in IBM i, DNS is configured on the HMC, and the IBM i host name cannot be resolved in DNS. Symptoms included the GUI no longer drawing menus or populating information in panels, instead the clocking "circle" would be displayed or a blank screen. * Fixed an issue that can cause SRCs E35A0016/E35A0017 and resulting E332FFFF JVM dumps. It occurs due to a deadlock when there are multiple login, logout sessions at the same time. Other SRCs not listed may also be reported until the HMC is rebooted or this fix is installed. * Fixed an issue with the CLI to add/remove ::/:: ipv6 ssh firewall. The symptom was an error returned to the user: "An invalid parameter value was entered. The parameter -a is empty or not valid. Please check your entry and retry the command." * Fixed 'chmod: command not found' error while running sendfile command. * Fixed the Hardware Discovery operation failure when CEC is in MDC mode. Symptoms include no errors, CEC powering on to standby, but no "Details" info populated for i/o adapters under CEC properties. * Fixed the issue to retry and attempt to prevent the deletion of a managed system dump file when the console is coming up and domain is not established. * Fix to allow automatic resource role update as part of partition mobility, simplified remote restart and LKU operations, to allow access continuity to LPAR which were accessible before the operation to custom users. * Fixed an issue where a custom user is unable to view SRIOV adapters in the UI unless they have the "Manage SRIOV" role. * Update logic which prevents multiple updlic CLI commands at the same time to allow for invocation from shells. Symptoms include receiving error: HSCF0286E Can not start the update, another update task is already running * Fixed the issue blocking the BMC code update when the locale is not en_US. Symptoms include unable to accept the license agreement: "License not found. Cannot proceed with Code update." * Fixed an issue that would cause call home SRC E3550423 with multiple Call Home failures reported on the Call Home server if it received unsupported requests from downlevel HMCs that discovered this HMC as a call home server. * Fixed a timing issue at startup that impacts HMC managing many servers and partitions. Intermittently one or more servers may show incomplete state after a reboot. The problem may also leave a file open on a server preventing further saves of partition profile data. Symptoms include errors making partition configuration changes, saving profile data, and partition mobility failing with a generic HSCL1400. Circumvention is to reset the connection on the impacted server. * Fixed an issue with the change network settings task panel resulting in failures E35B0005 and subsequent E3550956 and E3550037 when the signer certificate has no CN. * Fix to cleanup core files properly at system reboot to prevent repeated call homes of SRC E23D0503. * Fix for call home SRC E35A000B to properly collect a heapdump and avoid duplicate E332FFFF SRCs being reported. * Fix to remove the message “No RMC Connection” text for IBMi partitions in the Dashboard gallery view. * Fixed an issue where email notifications fail when the SMTP server sends a multi-line response. The test email task will appear to hang; service event notification will not reach the recipients. * Fixed an issue where a security scan of the HMC results in E3550046. Users are unable to log into the UI with error 502 Proxy error.The issue has been reported with the Tenable Nessus scan. * Fixed HMC startup issues after updating from 921 to 930 that prevented the login screen from loading. * Fixed an issue with periodic transmission failures of scheduled operations such as UAK, VPD, Performance, and Software information. * Fixed an issue where opening multiple vterm applets intermittently fails after the first open is successful. *Security **fixes* * Addressed kernel vulnerabilities: CVE-2019-11479, CVE-2019-11477, and CVE-2019-11478 * Addressed libssh2 vulnerability: CVE-2019-3862 * Fixed an issue to load the local console browser intermediate page with HTTPS Known issues and Limitations * Security restrictions: o *In NIST mode*: + RMC code on partition does not support two HMC connections with mixed configuration i.e. one HMC running in NIST mode and other one in non-NIST mode. Both the HMCs must be in the same mode. o *In non-NIST mode*: + Following ciphers are not supported although the available cipher list shows them. TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA Note this function is fully supported for all other Power systems assuming that the appropriate HMC, firmware and PowerVM levels installed. o The GUI does not support disconnected sessions like the previous Classic GUI did. In the GUI a session logoff is a logoff and a session disconnect is also a logoff. This means that the user cannot reconnect to a GUI session to resume a task(s) from where it left off. Every login via the GUI creates a new session. For more details on long running tasks, please refer to the link below: http://www.ibm.com/support/knowledgecenter/POWER9/p9eh6/p9eh6_loginmode.htm o In some rare situations, especially with a Firefox browser, the user may be redirected to a second login page after login credentials have been validated. Providing the login credentials again will fail. If this issue occurs, close and relaunch the browser. If the login page locally shows "Console internal error" and "The requested resource is not available", the framework is still initializing. Wait a minute and restart the desktop on the local console using o Enabling or disabling service processor redundancy is only permitted when both primary and secondary service processors are at standby with service processor in position A as primary. The workaround is to set up service processor failover with the following command: *chsyscfg –m **-r sys –i "sp_failover_enabled=1"* o Launch of the ASMI menu is not supported using the Safari browser. Web browser requirements Learn about the requirements your web browser must meet to monitor and control the HMC. To access HMC through a remote browser in a Windows 7 environment, you must have a minimum/default of 1600x900 screen resolution. HMC web browser support requires HTML 2.0, JavaScript 1.0, Java™ Virtual Machine (JVM), Java Runtime Environment (JRE) Version 8 U151, and cookie support in browsers that will connect to the HMC. Contact your support personnel to assist you in determining if your browser is configured with a Java Virtual Machine. The web browser must use HTTP 1.1. If you are using a proxy server, HTTP 1.1 must be enabled for the proxy connections. Additionally, pop-ups must be enabled for all HMCs addressed in the browser if running with pop-ups disabled. The following browsers have been tested: Google Chrome This HMC version supports Google Chrome Version 73 (Official Build) (64-bit). Safari This HMC version supports Safari 11.1 Mozilla Firefox This HMC version supports Mozilla Firefox Version 60.5 Extended Support Release (ESR) and Mozilla Firefox Version 60.6 Extended Support Release (ESR). Ensure that the JavaScript options to raise or lower windows and to move or resize existing windows are enabled. To enable these options, click the Content tab in the browser’s Options dialog, click Advanced next to the Enable JavaScript option, and then select the Raise or lower windows option and the Move or resize existing windows options. Use these options to easily switch between HMC tasks. For more information about the latest Mozilla Firefox ESR levels, see Security Advisories for Firefox ESR . Safari This HMC version supports Safari Browser Version 12.0.3 Clearing the Browser Cache In Microsoft Internet Explorer 1. Open the Browser 2. Select *Tools* 3. Select *Internet Options* 4. Under Browser History, select *Delete* 5. Check "*Temporary Internet files and websites files*" and "*Cookies and website data*" 6. Click on *Delete* In Mozilla Firefox 1. In the top-right corner of the browser window click the *menu*button Choose *History*, and then *Clear Recent History.* In time range to clear, select "*Everything*" In the Details section, select "*Cookies*" and "*Cache*" Click on "*Clear now*" 2. In the top-right corner of the browser window click the menu button Choose *Options > Advanced > Network >* In "*Offline Web Content and User Data*" section click on "*Clear Now*" In Google Chrome 1. In the top-right corner of the browser window, click the *Chrome menu* Choose *History*. Click the button *Clear browsing data*. A dialog will appear. From the drop-down menu, select "t*he beginning of time*." Check the boxes "*Cookies, site, and plug-in data*" and "*Cache*" Click the button *Clear browsing data*. 2. Open the following URL with the Chrome browser: *chrome://appcache-internals/* If there is an entry related to the target hmc, click the corresponding “*Remove*” link Other web browser considerations Session cookies need to be enabled in order for ASMI to work when connected to HMC remotely. The ASM proxy code saves session information and uses it. Mozilla Firefox 1. Click *Tools > Options*. 2. Click the *Cookies *Tab. 3. Select *Allow sites to set cookies.* If you want to allow only specific sites, select Exceptions, and add the HMC to allow access. Installation Installation instructions for HMC Version 9 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 9 Updating, upgrading, and migrating your HMC machine code Instructions and images for upgrading via a remote network install can be found here: HMC V9 network installation images and installation instructions Virtual HMC Installation for x86 hypervisors *Installation Images * Download of the Power Hardware Management Virtual Appliance (vHMC) install images are available at the Entitled Systems Support site (ESS): http://www-304.ibm.com/servers/eserver/ess/OpenServlet.wss . You must be entitled to Product ID 5765-HMW or 5765-HMV in order to download 5765-HMW from the ESS site. Upgrade of 5765-HMV to 5765-HMW is supported. Fixes, mandatory fixes and service packs for the vHMC are common to the Power Hardware management console (HMC) and will be available at IBM Fix Central . The splash panel information (lshmc -V output) for the vHMC will be the same as for the HMC recovery DVD that is documented in the above description section. Installation guidance for installing the vHMC into your hypervisor is found in the IBM Knowledge Center . Installation procedures may vary depending on the operating system you use and the hypervisor you use. A feature of the vHMC is the activation engine which allows you to preconfigure the HMC Console by passing configuration information to the HMC at the first boot of the HMC, when using these images. Please look at the on-line Knowledge Center documentation on using the Activation Engine feature . Notes for the Virtual Appliance for x86 hypervisors * The supported hypervisors for x86 are o VMWARE ESXi 6.0 or higher o KVM on Red Hat RHEL7 or higher o Xen 4.2 or higher on SLES 12 * There are now two images for the VMWare ESXi Server, one is for ESXi 6.0 and the other for ESXi 6.5. This is due to differences in the encoding of the OVA images. SHA1 for ESXi 6.0 , SHA256 for ESXi 6.5 * The processor on the systems hosting vHMC for x86 must have either Intel VT-x or AMD-V Hardware Virtualization enabled. Installation methods for vHMC on x86 hypervisors http://www.ibm.com/support/knowledgecenter/POWER8/p8hai/p8hai_installvhmc.htm After the upgrade, install the mandatory fix using the instructions at Installation methods for HMC Version 8 fixes Virtual HMC for PowerVM LPARS *Installation Images * Download of the Power Hardware Management Virtual Appliance (vHMC) install images are available at the Entitled Systems Support site (ESS): http://www-304.ibm.com/servers/eserver/ess/OpenServlet.wss . You must be entitled to Product ID 5765-HMA or 5765-HMB in order to download 5765-HMB from the ESS site. Upgrade of 5765-HMA to 5765-HMB is supported. Fixes, mandatory fixes and service packs for the vHMC are common to the Power Hardware management console (HMC) and are available at IBM Fix Central. The splash panel information (lshmc -V output) for the vHMC will be the same as for the HMC recovery DVD that is documented in the above description section for the 7063 Machine type. Installation guidance for installing the vHMC into your hypervisor are found in the Online Knowledge Center. Installation procedures may vary depending on the operating system you use and the hypervisor you use. Notes for the Virtual Appliance for PowerVM : * On Power9 servers, the HMC Virtual Appliance for PowerVM must run in Power8 compatibility mode, for this release. * The HMC Virtual Appliance for PowerVM does not provide graphics adapter support for adapters assign to the partition. Use a supported web browser to point to the HMC for UI support. * DLPAR operations such as memory and processor moves for HMCs running in an LPAR are not supported. * Inactive partition migration and Simplified Remote Restart operations are supported. * The virtual appliance for PowerVM requires a Power8 or Power9 server that is enabled for little endian support. Minimum System Firmware 860 recommended for Power8 servers. * vHMC for PowerVM cannot manage the server it is hosted on. Installation of vHMC for LPARs: http://www.ibm.com/support/knowledgecenter/POWER8/p8hai/p8hai_vhmc_pvm.htm Back to top General Virtual HMC notes * Virtual HMC Appliance can be deployed in your existing POWER virtualized infrastructure. Virtual HMC Appliance supports install into PowerVM LPARs. * Call home of serviceable events with a failing MTMS of the HMC itself is disabled. Those serviceable events should be manually reported to IBM software support. * To see if you are running on a virtual HMC use the lshmc -v command. If it displays a UVMID field, then you are running in a virtual machine. Example: lshmc -v "vpd=*FC ???????? *VC 20.0 *N2 Thu Sep 14 15:02:44 UTC 2017 *FC ???????? *DS Hardware Management Console *TM Vc87-f0a *SE 7f61457 *MN IBM *PN N/A *SZ 8371892224 *OS Embedded Operating Systems *NA 127.0.0.1 *FC ???????? *DS Platform Firmware *RM V8R8.7.0.0 **UVMID c87f:0a7f:603a:1457* " * When deploying a virtual HMC, if the mac address is not specified, it will be generated by the hypervisor. Network configuration on the HMC relies on the value of MAC addresses. If you re-deploy a new virtual HMC and want to restore critical console data previously taken on a virtual HMC, ensure sure you are using the same MAC addresses. * When using Activation Engine to setup NTP configuration, you must specify the NTP version value. * We recommend upgrading to the new image that uses 500GB by following the steps below: o From the current HMC version (e.g. HMC V8.860.0), upgrade to HMC V9 R1 M910 o When the upgrade is complete the HMC is now at a new version but still has a 160GB disk. o Perform a Critical Console Data backup, excluding network information and store the backup to a remote location. o Deploy the new HMC V9 R1 M910 image which uses a 500GB disk. o After the HMC boots up with the 500GB disk, restore the Critical Console data. National Language Support (Supported languages) *Languages* *Locales* English en_US,en_AU,en_BE,en_BE@preeuro,en_CA,en_GB,en_GB@euro,en_HK,en_IE,en_IE@preeuro,en_IN,en_NZ,en_PH,en_PK,en_SG,en_ZA Catalan ca_ES, ca_ES@preeuro German de_DE, de_DE@preeuro, de_CH, de_AT, de_AT@preeuro, de_LU, de_LU@preeuro French fr_FR, fr_FR.UTF-8, fr_CH, fr_CA, fr_BE, fr_BE@preeuro, fr_LU, fr_LU@preeuro Italian it_IT, it_IT@preeuro, it_CH Spanish es_ES, es_ES@preeuro, es_AR, es_BO, es_CL, es_CO, es_CR, es_DO, es_EC,es_SV, es_GT, es_HN, es_MX, es_NI, es_PA, es_PY,es_PE, es_PR, es_US, es_UY,es_VE Brazilian Portuguese pt_BR Portugal Portuguese pt_PT, pt_PT@preeuro Polish pl_PL, pl_PL.UTF-8, pl_PL@euro,pl_PL@preeuro Japanese Ja_JP Simplified Chinese zh_CN, zh_SG Traditional Chinese zh_TW, zh_HK Korean ko_KR Hungarian hu_HU, hu_HU.UTF-8,hu_HU@euro,hu_HU@preeuro Dutch nl_NL, nl_NL@preeuro, nl_BE, nl_BE@preeuro Russian ru_RU Czech cs_CZ, cs_CZ.UTF-8,cs_CZ@euro,cs_CZ@preeuro Slovakian sk_SK, sk_SK.UTF-8,sk_SK@euro,sk_SK@preeuro Copyright and Trademark Information http://www.ibm.com/legal/copytrade.shtml Notices This information was developed for products and services offered in the US. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: /IBM Director of Licensing// //IBM Corporation// //North Castle Drive, MD-NC119// //Armonk, NY 10504-1785// //US/ For license inquiries regarding double-byte character set (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: /Intellectual Property Licensing// //Legal and Intellectual Property Law// //IBM Japan Ltd.// //19-21, Nihonbashi-Hakozakicho, Chuo-ku// //Tokyo 103-8510, Japan/ INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk. IBM may use or distribute any of the information you provide in any way it believes appropriate without incurring any obligation to you. Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: /IBM Director of Licensing// //IBM Corporation// //North Castle Drive, MD-NC119// //Armonk, NY 10504-1785// //US/ Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us. The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. Statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. All IBM prices shown are IBM's suggested retail prices, are current and are subject to change without notice. Dealer prices may vary. This information is for planning purposes only. The information herein is subject to change before the products described become available. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to actual people or business enterprises is entirely coincidental. COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs. Each copy or any portion of these sample programs or any derivative work must include a copyright notice as follows: © (your company name) (year). Portions of this code are derived from IBM Corp. Sample Programs. © Copyright IBM Corp. _enter the year or years_. If you are viewing this information in softcopy, the photographs and color illustrations may not appear. Trademarks IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at Copyright and trademark information at www.ibm.com/legal/copytrade.shtml . Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft is a trademarks of Microsoft Corporation in the United States, other countries, or both. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. Back to top