Hardware Management Console Readme *Version 10 Release 2 Maintenance 1043 (V10 R2 M1043) README* Date: 22 November 2024 (C) Copyright International Business Machines Corp., 2024 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * Terminology <#term> * PTF MF71707 HMC V10 R2M1043.0 - for vHMC for x86_64 hypervisors (5765-VHX) <#MF71707> * PTF MF71708 HMC V10 R2M1043.0 - for 7063 Hardware or vHMC for PowerVM (5765-HMB) <#MF71708> * Enhancements <#enhance> * List of fixes <#fixes> * Known issues and limitations <#known> * Best Practices <#best> * Installation <#install> Terminology *x86* - This term is used to reference the Intel hypervisors (KVM, VMWare, Xen) on which Virtual HMC can be installed. *Note:* HMC V10R2 release for x86 is not supported on bare metal (7042 hardware appliances). * ppc64 or ppc64le* - describes the Linux code that is compiled to run on Power-based servers or LPARS (Logical Partitions) PTF MF71707 HMC V10 R2 M1043.0 - for vHMC for x86_64 hypervisors (5765-VHX) This package represents a service pack image that can be used to update the HMC to the HMC V10 R2 M1043 release. You can also reference this package by APAR MB04441 and PTF MF71707. This image can be installed on top of HMC V10 R2 M1030 with or without other PTFs or Service Packs. * Service packs are cumulative and as such will include all the fixes for the PTFs released up to and including the last service pack(s) for this HMC version. Please read the individual Readme files for each PTF to see the list of fixes. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# HMC_Update_V10R2M1043_x86.iso 5557417984 dc73171a8cbac75954a4f1076605464ffbdf1bfa MB04472 MF71707 Splash Panel information (or lshmc -V output) "version= Version: 10 Release: 2 Service Pack: 1043 HMC Build level 2410292339 MF71707 - HMC V10R2 M1043 ","base_version=V10R2 " PTF MF71708 HMC V10 R2 M1043.0 - for 7063 Hardware or vHMC for PowerVM (5765-HMB) This package represents a service pack image that can be used to update the HMC to the HMC V10 R2 M1043 release. You can also reference this package by APAR MB04442 and PTF MF71708. This image can be installed on top of HMC V10 R2 M1030 with or without other PTFs or Service Packs. * Service packs are cumulative and will include all the interim fixes for the PTFs released up to and including the last service pack(s) for this HMC version. Please read the individual Readme files for each PTF to see the list of fixes. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# HMC_Update_V10R2M1043_ppc.iso 5546805248 0cdd025dab58d59c48c0c8ed6757f338aa8ed806 MB04473 MF71708 Splash Panel information (or lshmc -V output) "version= Version: 10 Release: 2 Service Pack: 1043 HMC Build level 2410292339 MF71708 - HMC V10R2 M1043 ","base_version=V10R2 " * * *General fixes* * Fixed an issue for Chinese and Taiwanese locales which caused firmware updates on Enterprise BMC-based managed systems to fail with the error "/No firmware image specified for system type BMC/". * Fixed an issue preventing Virtual Serial Numbers from being displayed on the HMC GUI for partitions on servers in a Power Enterprise Pool 2.0. * Fixed an issue that causes the Allow Migration with Inactive Source Storage VIOS system setting to always be enabled for Enterprise BMC-based managed systems after every HMC restart. * Fixed an issue that causes the password included in the proxy URI specified with the chsvc --http or --socks parameter to be shown in the console event log and logged in clear text. This issue only occurs when the user ID specified in the proxy URI contains a '@' character. * Fixed an issue where DLPAR adding a physical I/O adapter that is already assigned as a required adapter to another running partition fails and leaves the partition that owns the adapter in a not bootable state, thereby preventing any further profile synchronization for that partition from occurring until that partition is reactivated. * Fixed a timing issue that can cause physical I/O adapter descriptions and feature codes to be incorrect or missing after an HMC restart. * Fixed an intermittent issue preventing Power enterprise pool mobile processors from being restored after a server power on for servers that have both mobile processors and mobile memory. This fix requires the server to be at a firmware level that contains the corresponding server firmware fix. * Fixed an issue where SR-IOV adapter settings are not restored when profile data is restored on Enterprise BMC-based managed systems. * Fixed an issue causing a partition remote restart operation to successfully complete without configuring the partition's storage adapters on the destination managed system. This issue occurs when the source managed system is an Enterprise BMC-based managed system that is in No Connection state. * Call home no longer works with country code Serbia and Montenegro (CS). On the call home Customer information panel, the Administrator information country and System information country must be changed from Serbia and Montenegro (CS) to either Serbia (RS) or Montenegro (ME) for call home to work. * Fixed an issue that can cause SRCs E3550421, E3D46FFF, or E3D43103 to be reported when an HMC with a firmware version earlier than 1030 tries to use a discovered HMC with version 1030 or later as a call home server. * Fixed an issue that can cause the HMC GUI dashboard to hang when loading when the language is set to German. * Fixed an issue that causes the chhmccert command to fail with a file not found error when the directory specified with the -d parameter does not end with a '/'. * Fixed an issue that can cause SRC E3325009 to be reported when the host name of another HMC in the network has changed. * Fixed an issue that prevented a change to the physical attention LED state for an Enterprise BMC-based managed system from being reflected on the HMC GUI when the change was initiated on another HMC or by the system itself. * Fixed a rare issue that can cause a system firmware update for an Enterprise BMC-based managed system to fail with the error "/HSCF0319E An error occurred while attempting to swap the service processor temporary and permanent sides./" * Fixed an issue causing the HMC REST API to return status 401 (unauthorized) instead of status 503 (service unavailable) while the HMC is initializing after an HMC restart. * Fixed an issue that causes the system time shown on the HMC for an Enterprise BMC-based managed system to be shown in the HMC's local time. * Fixed an issue that can cause Performance and Capacity Monitoring (PCM) to stop working after the runsig -s 511 command is run. * Fixed an issue that can cause the Save HMC upgrade data task to fail because the upgrade partition is full due to user-created profile data backup files with file names that have leading spaces. * Fixed an issue causing the HMC to establish a duplicate connection to the same Enterprise BMC when its IP address changes. * Fixed an issue that can cause functions using SFTP on the GUI to silently fail during the SFTP transfer. * Fixed some GUI tasks, such as Save HMC upgrade data, to return an error instead of silently fail when a '&' character is specified in one of the input fields, such as a password field. * Corrected the image displayed in system plans for the PCIe Gen3 I/O expansion drawer. * Fixed an issue preventing the icmp firewall rule from being added or removed using the chhmc command. * Fixed an issue causing the HMC to call home SRC E35A000D due to too many open sockets. * Fixed an issue that can cause SRC E212E136 to be called home when the Serviceability ->Transmit service information -> Send Problem Reports task is used to transmit a large file, such as a PE debug data file. * Fixed an issue that can cause the query of LIC updates from the IBM service website on the GUI to fail with the error "/Unable to access repository or no images available./" This issue can occur on HMC’s managing Enterprise BMC-based managed systems in a NovaLink co-managed environment. * Fixed an issue that can cause a user with a custom task role which includes the Shut down HMC task to be unable to see that task in the HMC actions menu in the new GUI dashboard. * Added a 30 minute timeout to the Exchange FRU procedure to prevent the procedure from hanging indefinitely at the "/Querying service effect for location"/ step. Security Fixes * Fixed Apache HTTP Server vulnerabilities: CVE-2023-38709, CVE-2023-45802, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38477, and CVE-2024-39573 * Fixed Kerberos vulnerabilities: CVE-2024-37370 and CVE-2024-37371 * Fixed Java vulnerabilities: CVE-2024-21131 and CVE-2024-21145 * Fixed libndp vulnerability: CVE-2024-5564 * Fixed openssh vulnerability: CVE-2020-15778 * Fixed less vulnerability: CVE-2024-32487 * Fixed linux firmware vulnerabilities: CVE-2022-46329, CVE-2023-20592, and CVE-2023-31346 * Fixed nghttp2 vulnerability: CVE-2024-28182 * Fixed libssh vulnerabilities: CVE-2023-6004 and CVE-2023-6918 * Addressed CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the preloginmonitor URL. Known Issues & Limitations * If log in to the HMC GUI is failing with this error for LDAP or auto-managed users: /Error: "Logon Error: Invalid credential or Timeout. Please try again after some time, if it repeats, please follow troubleshooting steps from IBM support."/ Use the following troubleshooting steps: Check whether the user is LDAP or auto-managed authentication type. If so, run the following command to change the LDAP configuration: o chhmcldap -o s --timelimit 30 --bindtimelimit 20 If log in to the GUI still fails, run the following command: o chhmcldap -o s --timelimit 30 --bindtimelimit 10 Best Practices * User sessions - The following best practices helps avoid performance degradations gradually over a period of time due to increased login sessions as well as security vulnerabilities such as unauthorized access to the active HMC sessions. o It is a best practice to logoff from HMC UI and then close the browser tab instead of directly closing the tab o Set Idle session timeout for all the users and not leave the timeout as '0' which leaves it as no timeout. * Profile recommendations - The maximum number of partition profiles suggested per partition is 10. Installation Installation instructions for HMC Version 10 upgrades and corrective service can be found at these locations: Upgrading the HMC from Version V9R2 or V10R1M1010 to V10R2M1040 Updating, upgrading, and migrating your HMC machine code Update(s) for HMC V10R2M1043