Hardware Management Console Readme *Version 10 Release 1 Maintenance 1023 (V10 R1 M1023) README* Updated: 17 January 2024 (C) Copyright International Business Machines Corp., 2024 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * Terminology <#term> * PTF MF71508 HMC V10 R1M1023.0 - for vHMC for x86_64 hypervisors (5765-VHX) <#MF71508> * PTF MF71509 HMC V10 R1M1023.0 - for 7063 Hardware or vHMC for PowerVM (5765-HMB) <#MF71509> * Known Issues and Limitations <#known> * List of fixes <#fixes> * Best Practices <#best> * Installation <#install> Terminology *x86* - This term is used to reference the Intel hypervisors (KVM, VMWare, Xen) on which Virtual HMC can be installed. *Note:* HMC V10R1 release for x86 is not supported on bare metal (7042 hardware appliances). * ppc64 or ppc64le* - describes the Linux code that is compiled to run on Power-based servers or LPARS (Logical Partitions) PTF MF71508 HMC V10 R1 M1023 - for vHMC for x86_64 hypervisors (5765-VHX) This package represents a service pack image that can be used to update the HMC from HMC V10 R1 M1010 release. You can also reference this package by APAR MB04436 and PTF MF71508. This image can be installed on top of HMC V10 R1 M1010 with or without other PTFs or Service Packs installed. * Service packs are cumulative and as such will include all the fixes for the PTFs released up to and including the last service pack(s) for this HMC version. Please read the individual Readme files for each PTF to see the list of fixes. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# HMC_Update_V10R1M1023_x86.iso 5385758720 d089b825e38606139f407b73acef3e7b32469bb1 MB04436 MF71508 Splash Panel information (or lshmc -V output) "version= Version: 10 Release: 1 Service Pack: 1023 HMC Build level 2401030950 MF71508 - HMC V10R1 M1023 ","base_version=V10R1 " PTF MF71509 HMC V10 R1 M1023 - for 7063 Hardware or vHMC for PowerVM (5765-HMB) This package represents a service pack image that can be used to update the HMC from HMC V10 R1 M1010 release. You can also reference this package by APAR MB04437 and PTF MF71509. This image can be installed on top of HMC V10 R1 M1010 with or without other PTFs or Service Packs installed. * Service packs are cumulative and will include all the interim fixes for the PTFs released up to and including the last service pack(s) for this HMC version. Please read the individual Readme files for each PTF to see the list of fixes. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# HMC_Update_V10R1M1023_ppc.iso 5342763008 ebf97d2b98cbb5962b6d7c8d98e898d2a142947a MB04437 MF71509 Splash Panel information (or lshmc -V output) "version= Version: 10 Release: 1 Service Pack: 1023 HMC Build level 2401030950 MF71509 - HMC V10R1 M1023 ","base_version=V10R1 " Known Issues and Limitations * In 1020 and higher a new Event Notification field was introduced with 3 scheduled operations settings: o None o All scheduled operations o Failed scheduled operations The prior setting, if it was selected, of "All scheduled operations"ť is not persisted across updates to V10R1M1020 or greater nor upgrades to V10R2M1030. Instead the setting defaults to the None option. *Workaround:* Re-save the desired setting after update or upgrade to receive notifications of scheduled operations. * The reset of an expired password of a Kerberos user is not supported in multi-realm configuration setups since release V9 R2 950. When such users try to login using GUI, they will get message as Invalid credential. Upon login from CLI, users may see below or similar messages. /Password:// //Password expired. Change your password now.// //Current password:// //Current Password:// //Password change failed. Server message: Old password not accepted.// //Current Password:// //Password change failed. Server message: Old password not accepted.// //Current Password:// //New password:// //Retype new password:// //Password change failed. Server message: Old password not accepted./ *Circumvention**:* Change or reset the password first, then log into HMC. * vterm launch on the local console will fail due to additional checks performed on the certificate. The launch of vterm on remote web console of HMC will continue to work. The workaround is to re-generate the HMC certificate by going to HMC Management - HMC Certificates, select the line called “Subject Alternative Names” then go to “Selected” -> “Modify” and add domain as localhost and the IP address as 127.0.0.1 in addition to the current DNS settings. List of fixes *General fixes* * Allow users with the hmcservicerep task role to perform R&V operations. * Fixed an issue that caused VIOS scheduled operations to be deleted when the HMC is restarted. * Fixed an issue that sometimes causes PCM energy metric values to be associated with the wrong metrics on Enterprise BMC-based managed systems. * Fixed an issue that caused the name of a shared processor pool on an Enterprise BMC-based managed system to be reset to the default name after the maximum or reserved processing units for the pool was changed. * Fixed an issue that caused SRC E3D45070 to be reported and called home during a Transmit Service Information operation due to specifying the iqyy* as a file for transfer and coincidentally rotated or deleted during the operation. * Fixed an issue preventing a partition from being set as a time reference partition on a managed system that does not support Live Partition Mobility but does support time reference. * Fixed an issue causing firmware updates for OpenPower systems to always fail with the error "/HSCF0276E Failure during readiness check operation against target./" * Corrected the values shown in the Storage I/O usage column on the Usage page of the Systems and Partitions tables in the new GUI dashboard. * Fixed an issue that caused the VIOS Create Virtual Fibre Channel adapter GUI task to fail with the error /"//REST000B The URL presented to the Management Console REST Web Services is not valid."/ * Fixed an issue that always caused a Linux partition running in the Power10 processor compatibility mode to fail remote restart or disaster recovery validation on a POWER9 processor-based destination system. * Changed the name of the button on the Firmware Import Updates wizard Summary page from Install to Import. * Fixed an issue causing the interpolation line and shading to be missing from Performance and Capacity Monitoring (PCM) graphs for some intervals such as last month when accessing the PCM GUI from the old dashboard. * Fixed an issue that called home SRC E3D46FFF for a problem that is closed or duplicated automatically in the backend. * Fixed a timing issue that caused SRC E3D46FFF to be called home due to a call home failure that occurred because the Electronic Service Agent was not fully activated. * Changed call home SRC E2FF4406 to informational. There is no impact or action required from the client as this SRC is caused by a harmless issue with the HMC logging framework. * Fixed an issue that causes the Update Access Key (UAK) to be resent to an Enterprise BMC-based managed system every time the HMC performs a UAK check even though the UAK has not expired. * Fixed a rare timing issue that causes the Electronic Service Agent service to terminate when the HMC is booting. When this occurs, call home and most transmit service information functions will not work. * Fixed another issue that prevented call home from working successfully. Symptoms include test call home displaying attempts at trying additional legacy IP addresses and fix repositories. * Fixed an issue with PCM energy metric sample collection for Enterprise BMC-based managed systems that caused SRC E3550046 to be called home. *Security fixes* * Fixed Java vulnerabilities: CVE-2023-5676, CVE-2023-22067, and CVE-2023-22081. * Fixed Apache Tomcat vulnerabilities: CVE-2023-45648, CVE-2023-42795, and CVE-2023-46589 * Disabled unused HMC port 5023. * Addressed CWE-200 (Information Exposure) in reset expired password form. Best Practices * User sessions - The following best practices helps avoid performance degradation gradually over a period of time due to increased login sessions as well as security vulnerabilities such as unauthorized access to the active HMC sessions. o It is a best practice to logoff from HMC UI and then close the browser tab instead of directly closing the tab o Set Idle session timeout for all the users and not leave the timeout as '0' which leaves it as no timeout. Installation Installation instructions for HMC Version 10 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 10 Updating, upgrading, and migrating your HMC machine code Update(s) for HMC V10R1M1010 Back to top