Hardware Management Console Readme For use with Version 8 Release 8.5.0 SP1 Date: 21 November 2016 Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MH01669 <#MH01669> * Package information <#package> * List of fixes <#fixes> * Installation <#install> * Additional information <#additional> PTF MH01669 This package include a fix for HMC from HMC Version 8 Release R8.5.0 Service Pack 1. You can also reference this package by PTF MH01669 and APAR MB04051. This image must be installed on top of HMC Version 8 Release 8.5.0 Service Pack 1 (PTF MH01633) with or without additional PTFs. Note: This PTF supersedes MH01664 and MH01663. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01669.iso 1607874560 87523564f210be7a4ca2eebe38913fd59213b931 MB04057 MH01669 Splash Panel information (or lshmc -V output) "version= Version: 8 Release: 8.5.0 Service Pack: 1 HMC Build level 20161115.1 MH01669: Fix for HMC V8R8.5.0 SP1 (11-15-2016 ","base_version=V8R8.5.0 " Install Notes 1. *Special Install Instructions: *Installing this PTF using the Enhanced+ interface may hang. Prior to installing this PTF using the web browser graphical interface perform the following: 1. Log in again selecting the Log In option of "Classic". 2. If already logged in to the HMC using Enhanced GUI, log off the HMC. 3. Install using the normal installation instructions. Alternatively, install this PTF using the CLI updhmc command. List of fixes *General fixes* * Added DST timezone changes for Turkey, leap second to 31 Dec 2016. * Changed the HMC install process to report the error SRC E3558801 when the installation of a service pack or iFix fails due to a rare RPM installation failure. Prior to this fix, the service pack or iFix installation appeared to finish successfully. * Fixed another issue to prevent call home SRC E3D46FFF combined with System_Auth SRC E3D43104 due to a scheduled change credential password task that no longer is needed. * Fixed a problem that caused a blank window to be opened when the ASM interface for a server is launched. This problem only occurs for servers which have newer versions of POWER 8 system firmware installed. * Fixed a problem in the Manage Software Service Information Transmission GUI window that sometimes prevented a partition from being successfully added to or removed from the list of partitions from which to collect software service information to call home even though no error was reported. This problem can only occur when the partition being added or removed has the same partition ID as another partition on another managed system the HMC is managing. *Security **fix* * Fixed multiple OpenSSL vulnerabilities: CVE-2016-2180, CVE-2016-2182, and CVE-2016-6306 *Previously released fixes also included in this PTF: ** * * MH01663* 10/20/2016 * Fixed a rare timing issue that can cause a partition migration operation to incorrectly fail with error "/HSCL2957 Either there is currently no RMC connection between the management console and the partition or the partition does not support dynamic partitioning operations/" even though the RMC connection is actually active. Circumvention: Confirm that the HMC lssyscfg -r lpar -m -Frmc_state command shows the RMC connection is active then try the partition migration operation again. * Fixed an issue where system initiated System Dump files were not being automatically called home. * Fixed a problem causing communication problems between the master HMC and the other HMCs managing a Power enterprise pool. This problem only occurs if the first HMC added to a pool has the same private IP address as the master HMC, which causes the master HMC to set its IP address for pool communication to that private IP address (you can confirm this by displaying the master HMC's IP address via the Power enterprise pool GUI or the lscodpool command). Symptoms include the inability to perform pool operations from managing HMCs, and an HMC connection status of unavailable or Unknown. If you have already been affected by this problem, after installing this service pack you must remove all of the managing HMCs from your pool, then add them all back. This action will correct the master HMC's IP address. * Fixed a problem that caused every attempt to add a managing HMC to a Power enterprise pool to fail with the error "The operation sent to management console has timed out." This problem occurs only if one of the following conditions is true: 1. The master HMC has an unconfigured Ethernet interface numbered lower than the interface used for HMC-HMC communication; 2. The IP address for an Ethernet interface numbered lower than the interface used for HMC-HMC communication or the IP address of the Ethernet interface used for HMC-HMC communication is updated on the master HMC and the HMC is not restarted after the update. To work around this problem, reconfigure the master HMC's Ethernet interfaces so that the Ethernet interface to be used for HMC-HMC communication is numbered lower than any unconfigured interfaces, then restart the HMC. * Fixed a problem where some GUI views of system firmware levels such as the Updates, System Code Levels table incorrectly show a deferred level of none (or blank) when a deferred level exists. * Fixed an issue causing the update of I/O device microcode from IBM microcode CD/DVD to fail with "/HSCF0179W Operation was partially successful for .// //An error occurred while attempting to update I/O microcode on : An error occurred copying a file from the CDROM. First verify the correct media is inserted in the drive, that there is space available on the target system, then try the operation again./" * Fixed a rare error that can occur when the HMC is processing a property change event for a tree node representing a managed object or group while a managed system is being added to the HMC. This error caused SRC E3551040 to be generated and called home. * Fixed a problem with persisted service data that can impact HMC model CR9s. Symptoms include: all dumps from the managed server being deleted immediately after offload; new serviceable events reported by the server being discarded without a serviceable event being opened on the HMC. * Fixed a problem that caused the wrong HMC machine type, model and serial number to be displayed on the following HMC GUI screens: Service Management -> Enable Electronic Service Agent and Service Management -> Manage Inbound Connectivity -> Prepare -> Remote Service Session. This problem occurs on CR9 model HMCs only. * Fixed a problem causing partition migration operations performed by PowerVC to fail when the ibmpowervm_mover_service_partitions attribute is specified in the nova.conf files. This problem occurs only with Virtual I/O Server versions 2.2.4 and later. * Fixed IBM Websphere Application Server (WAS) vulnerabilities: CVE-2016-0378 and CVE-2016-5986. * Fixed Apache Tomcat vulnerability: CVE-2016-3092. * Set the X-Frame-Options HTTP response header from all HMC /dashboard URLs to instruct the browser to not allow framing from other domains. This change is intended to prevent Clickjacking attacks. * Disabled TLS 1.0 for HMC port 443 in legacy security mode. * MH01664* 09/24/16 * Fixed a problem causing the WLP server not to start after the HMC is rebooted, causing the REST API functions to not be available. This impacts the enhanced GUI login, PowerVC, PCM and any other function that utilizes the REST API on the HMC. This problem only occurs if the user runs the save upgrade data task and subsequently reboots the HMC without actually performing an HMC upgrade. This fix prevents the problem from occuring again and also repairs HMCs previously impacted. * Fixed reports of 1100C001 and 1100C002 during an FSP repair procedure to be informational SRCs and not call home. * Fixed an issue where applying a fix or service pack could cause a user that launches vterm or other applets remotely to encounter a security error. The java console log will show error "javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name" even though the host name is correct. * Fixed the HMC readme content link when launched from the HMC GUI Installation *Special Install Instructions: *Installing this PTF using the Enhanced+ interface may hang. Prior to installing this PTF using the web browser graphical interface perform the following: 1. Log in again selecting the Log In option of "Classic". 2. If already logged in to the HMC using Enhanced GUI, log off the HMC. 3. Install using the normal installation instructions. Alternatively, install this PTF using the CLI updhmc command. Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 8 Installation methods for HMC Version 8 fixes Instructions and images for upgrading via a remote network install can be found here: HMC V8 network installation images and installation instructions Additional information Notes: 1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service. 2. This image requires DVD -R media. 3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted. 4. The *updhmc* command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example: updhmc -t s -h -f -u -i In all cases, the HMC application extracts the files needed to install the corrective service.