Hardware Management Console Readme *Version 9 Release 2 Maintenance 952 (V9 R2 M952) README* Updated: 07 April 2022 (C) Copyright International Business Machines Corp., 2021 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * Terminology <#term> * PTF MH01904 <#MH01904> * PTF MH01905 <#MH01905> * Install Notes <#insnotes> * List of fixes <#fixes> * Known issues and limitations <#known> * Best Practices <#best> * Installation <#install> Terminology *x86* - This term is used to reference the HMC that runs on 7042-CR9 hardware appliances and Intel hypervisors (KVM, VMWare, Xen) on which Virtual HMC can be installed. * ppc64 or ppc64le* - describes the Linux code that is compiled to run on Power-based servers or LPARS (Logical Partitions) PTF MH01904 HMC V9 R2.952.0 Service Pack - for 7042-CR9 or vHMC for x86 hypervisors (5765-HMW) This package represents a service pack image that can be used to update your HMC from HMC V9 R2 M950 release for 7042-CR9 hardware or vHMC for x86_64 hypervisors. You can also reference this package by PTF MH01904 and APAR MB04299. This image can be installed on top of HMC V9 R2 M950 with or without other PTF or Service Packs before it. * Service packs are cumulative and as such will include all the fixes for the PTFs released up to and including the last service pack(s) for this HMC version. Please read the individual Readme files for each PTF to see the list of fixes. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# HMC_Update_V9R2M952_x86.iso 4184154112 fa7fab4dc8577d978aed3c8bc205787330bb1b2b MB04299 MH01904 Splash Panel information (or lshmc -V output) "version= Version: 9 Release: 2 Service Pack: 952 HMC Build level 2111082314 MH01904 - HMC V9R2 M952 ","base_version=V9R2 " PTF MH01905 HMC V9 R2.952.0 Service Pack - for 7063 Machine Types or vHMC for PowerVM (5765-HMB) This package represents a service pack image that can be used to update your HMC from HMC V9 R2 M950 release for 7063 machine type or vHMC for PowerVM. You can also reference this package by PTF MH01905 and APAR MB04300. This can be installed on top of HMC V9 R2 M950 with or without other PTF or Service Packs before it. * Service packs are cumulative and will include all the interim fixes for the PTFs released up to and including the last service pack(s) for this HMC version. Please read the individual Readme files for each PTF to see the list of fixes. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# HMC_Update_V9R2M952_ppc.iso 4154163200 32b0f0fe66ee7b7a5785d4a3eff4c511a041312c MB04300 MH01905 Splash Panel information (or lshmc -V output) "version= Version: 9 Release: 2 Service Pack: 952 HMC Build level 2111082314 MH01905 - HMC V9R2 M952 ","base_version=V9R2 " Install Notes * If a restore is necessary after installing M952 and taking a backup, the restore process requires installing the recommended PTF MH01900/MH01901 on top of Recovery image V9R2 before restoring M952 or higher List of fixes *General fixes* * Fixed an issue with the "Must use redundant MSPs" option of migration that caused failures to migrate some partitions due to the MSPs running out of concurrent migration thread resources. Re-running the LPM for the partitions that did not migrate is the workaround. * Fixed an issue where LPM validation may incorrectly fail with an error stating that additional free memory is needed on the target server when the migrating partition has a very large memory setting and the target system is tight on available memory. Errors include: /HSCL3656 There is an insufficient amount of memory available on the destination managed system for the configuration of the partition./ * Fixed an issue that causes the HMC to report SRC E212E161 due to too many open files This error is due to excessive socket count. * Fixed an issue where updating the HMC using virtual media on CR2 fails with "/Media Services Error. The media contains an unrecognized filesystems. Please make sure that the media is properly formatted. //Would you like to try to use the media again?/ " * Fix to update the catalog.mic file to the latest version to allow for viewing live I/O device level data without having to also select a repository to view available levels. * Fixed an issue where the AIX Serviceable Events (SAEL with a src staring with pound sign ‘#’) would not trigger a customer notification. * Fixed a rare problem where performing concurrent bi-directional LPM with redundant MSPs may intermittently fail with error message "HSCLB98A The redundant mover server partition (MSP) mapping selection is not valid. When using redundant MSPs, the same number of source and destination MSPs must be selected for a migration operation." * Fixed an issue where the HMC would try to contact IBM in order to get a call home entity id from the back end on OEM systems. * Update logic to report serviceable events that arrive within 5 seconds of each other that share the same reference code but report different FRU locations. HMC will report these as separate service events instead of duplicates of the first. * Updated the algorithm for determining when to mark a serviceable event a duplicate of an existing one to include full location codes. * Fixed an USB update failure issue resulting in errors "/cp: error writing file too large/” * Fixed an issue where some Serviceable Events would not show the right CSP ticket value after call home. * Add function to *chprimhmc *command to start primary monitor arbitration for which HMC processes problems events from the server. * Fixed an issue where a HMC shutdown or restart may be delayed for up to 10 minutes if a serviceable event without a parts list is received just prior to the reboot. * Fixed an issue where email test fails would return success '0' instead of the usual failure "/Send email error. RC=3/" when running "*chsacfg -t email -o test all*" * Fixed an issue with deploy partition template with an empty partition name. An error message is shown to the user but after pressing cancel on the error the create partition can not be used to create the partition. * Fixed an issue when lslic is run against the same server at the same time from the same HMC where one instance performing cleanup of downloaded files will cause the other instance to fail and return "/unavailable/" with/rc=0/. * Fixed an issue where repair operation cannot be run from FRU callout location codes P1-C1-T1 and P1-C2-T1 (power card cable). Circumvention: the FRU can still be repaired from the system unit end (UPIC Cable). * Fixed an issue where lslic would fail for BMC systems. * For Events Manager for Call Home removing the last registered management console is not reflected in the GUI. The console is actually removed but the table still shows the console. * Enabled Periodic Transmissions even when the HMC is not set as a Call Home Server * Fixed an issue with pedbg taking 4+ hours to complete after a backup/restore of critical console data. * Fixed an issue with creating sysplan resulting in exception : "/Exception Occurred - Message: null Cause: null/" when a partition name contains a comma character. * Fixed issue where fluxbox core file dump file is created in root fs during reboot/shutdown of HMC. * Prevent the HMC from attempting to connect to external public DNS Servers nightly. * Fixed hardware clock not syncing with NTP. * Improved the logging to capture more data about the HMC taking a long time to respond post update, hanging at "Initialization in progress” for hours, eventually completely the GUI load. * Fixed an issue where webui ciphers are reset to default and any previous changes are lost, after a service pack or iFix is applied * Stale vNIC mapping data may be used during a remote restart, disaster recovery (DR) restart, or Simplified Remote Restart (SRR) if the respective vnic backing device has been modified using dlpar. To recover, issue rebuild server operation after performing dlpar on a vnic backing device. * Fixed an issue with invalid data getting collected for RR or DR operation resulting in errors during validate such as HSCLA319 * Fix to change SRC E2FF4600 to no longer be a call home SRC, only informational * Fixed an issue with the vterm rendering that causes a long vertical window with spaced out font locally at the console. * Fixed an issue that disabled changing sriov physical port attributes via UI or CLI resulting in error message /"//HSCL3670 There was an error accessing the management console persistent storage area./” * Fixed slow performance of backup CCD due to a core file issue when run from the CLI. * Fix to prevent a delay in HMC startup during reboot if PCM is enabled and has multiple PCM sample files are collected within /data/pcm. Another symptom is monhmc showing high swap memory usage. * Added profile data to save upgrade data. * Fixed an issue at HMC startup that resulted in a delay for around 30 minutes with messages:"/Console not Ready You cannot log on at this time. Console is still initializing and not yet ready for users to login. Allow the console to finish initializing and then try to login again./" * Fixed an issue when performing the dumprestart operation to avoid a waiting delay. * Fixed a VMRM Disaster Recovery restart issue following a deletion of partition from the target system that resulted in an incorrect error message HSCLAF0D Circumvention is to issue a rebuild server after deleting vnics or sriov logical ports (or a partition with them) on the target server. * Fixed a problem that caused call home SRC E23D040A due to hdwr_svr core dumping. The issue will also cause a brief no connection state to all servers; running tasks may fail with timeout or unknown errors; one or more servers may show an incomplete state that can be resolved with a rebuild. * Fixed an LPM validation issue that causes an error to be thrown when the target machine VF has only 2 VF resulting in call home SRC SRC E3550037. * Fixed the IBM i OS shutdown issue that throws the error code HSCL0DB4. * Fixed a regression error for 7063-CR1 failing to boot with 1901 error when cabled to dcbx enabled Jupiter switch. * Fixed an issue that can cause an HMC which is the master HMC for a Power Enterprise Pool to hang. This issue only occurs if there is a persistent communication issue between the master HMC and at least one of the managing HMCs in the pool. * Fixed the SRR/DR operation issue where restart was happening with the stale data * Fix an error on deploy system template where the deploy fails with "/REST0126 Please find error details below [An error occurred while creating the partition named {}. , HSCL1466 The partition specified is not valid. Rebuild the managed system and try again. ]/ " * Fixed missing check for simplistic password while updating an expired password for BMC Console Inband credentials * The HMC will now send a notification when the Events Manager for Call Home blocks a Problem Report Call Home * Fixed the partitions view table issue where the top row was being clipped off when there are more partitions than the grid can hold at a time. * Fixed an issue that caused the threshold value to be reset when another threshold value is modified from the modify Cluster Tier wizard. * Fixed location codes visibility issues in the IBM i Tagged IO panel, when the IBM i partition is having Physical IO connected to it. * Fixed an issue that caused CEC into recovery state when co management mode was quickly changed on a non-comanaged server. * Fixed an issue where a virtual network may show 802.1q tagging true when it is not tagged. * Fixed PCM dashboard opening issue seen only in certain languages such as Polish, Italian, etc. * Fixed an issue with the network boot of a partition via GUI causing failure when 'no' is selected for "Would you like to configure the client's network after the installation [yes]/no? " option. * On the GUI, when two DLPAR operations are performed on the same partition, fixed an issue that causes the second dlpar to rollback the changes of the first DLPAR operation. * Added a console log entry whenever a call home snmp trap is sent out. * Added Power On/Off Unit force close session option. * Fixed an issue that prevents the user to change the from address when using secure email, defaulting to the email user. * Fixed an issue that throws an error for P8 systems managed by HMC950 and above - "/HSCL1552 The firmware operation failed with extended error./" when toggling an lpar between SRR enabled/disabled. * Fixed an issue causing ipmi command to fail while collecting energy monitoring data resulting in frequent call home SRC E3550046. * Fixed a text issue on the email notification for Serviceable Events that showed null values. /Infocenter explanation: null// //Infocenter response: null/ * Fixed an issue that can cause the *chhmcfs -o f *command or the *lshmcfs *command to fail with "/HSCL8016 An unknown error occurred while trying to perform this command. Retry the command. If the error persists, contact your software support representative./" * Fixed an issue where the Install Corrective Service window locally at the console would shrink and require expansion or scrolling to select the desired PTF or Service Pack update. *Security **fixes* * Disable the listing of TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 in the available list. * Addressed CVE issue for bind CVE-2021-25215 * Addressed CVE issue for bash CVE-2019-18276 * Addressed the httpd vulnerabilities: CVE-2018-17199 and CVE-2020-11993 * Addressed the krb5 vulnerability: CVE-2020-28196 * Addressed the glib2 vulnerabilities:CVE-2021-27218 and CVE-2021-27219 * Addressed the tomcat vulnerabilty: CVE-2021-42340 * Fixed Cross-Site Scripting issue with HMC legacy panels. * Fixed issue of Nessus reporting Backup Files Disclosure CGI abuses. * Addressed the mod_proxy vulnerability: CVE-2021-40438 Known issues and limitations * Indefinite daily scheduled operations may show failed after 2 years of running with details of "/Error encountered : resultCounter exceeds LIMIT of 722/". * When a partition reports a problem, reporting partition field is missing PEL data. * Login using a Kerberos user fails if the user id is different from the remote user id. * Kerberos user cannot login from GUI, such user should continue to use CLI. * Kerberos server requires to be reconfigured using below CLI after update from 950 SP1 and PTFs. Recommended CLI commands : *chhmc -c kerberos -s remove –realm -a ** **chhmc -c kerberos -s add --realm -a * * HMC recently updated TomCat to Version 9, HTTP response messages are no longer present. Any REST client calls being made by external applications or the customer should depend on the status code instead of the status message to validate the success/failure of the API. This change may impact other products that use the HMC REST API such as VMRM and LKU. Check the product documentation for any prerequisite update needed for this HMC level. Best Practices * User sessions - The following best practices helps avoid performance degradations gradually over a period of time due to increased login sessions as well as security vulnerabilities such as unauthorized access to the active HMC sessions. o It is a best practice to logoff from HMC UI and then close the browser tab instead of directly closing the tab o Set Idle session timeout for all the users and not leave the timeout as '0' which leaves it as no timeout. Installation Installation instructions for HMC Version 9 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 9 Updating, upgrading, and migrating your HMC machine code Update(s) for HMC V9R2M950 Instructions and images for upgrading via a remote network install can be found here: HMC V9 network installation images and installation instructions Back to top