Hardware Management Console Readme *Version 10 Release 3 Maintenance 1060 (V10 R2 M1060) README* Updated: 20 November 2024 (C) Copyright International Business Machines Corp., 2024 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * Terminology <#term> * PTF MF71689 HMC V10 R3M1060.0 - for vHMC for x86_64 hypervisors (5765-VHX) <#MF71689> * PTF MF71690 HMC V10 R3M1060.0 - for 7063 Hardware or vHMC for PowerVM (5765-HMB) <#MF71690> * Enhancements <#enhance> * List of fixes <#fixes> * Known issues and limitations <#known> * Best Practices <#best> * Installation <#install> Terminology *x86* - This term is used to reference the Intel hypervisors (KVM, VMWare, Xen) on which Virtual HMC can be installed. *Note:* HMC V10R3 release for x86 is not supported on bare metal (7042 hardware appliances). * ppc64 or ppc64le* - describes the Linux code that is compiled to run on Power-based servers or LPARS (Logical Partitions) PTF MF71689 HMC V10 R3 M1060.0 - for vHMC for x86_64 hypervisors (5765-VHX) This package represents a service pack image that can be used to update the HMC from HMC V10 R3 M1050 release. You can also reference this package by APAR MB04454 and PTF MF71689. This image can be installed on top of HMC V10 R3 M1050 with or without other PTFs or Service Packs installed. * Service packs are cumulative and as such will include all the fixes for the PTFs released up to and including the last service pack(s) for this HMC version. Please read the individual Readme files for each PTF to see the list of fixes. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# HMC_Update_V10R3M1060_x86.iso 4911697920 45b0feb11412ab587c94292fb756fe2854396cd8 MB04454 MF71689 Splash Panel information (or lshmc -V output) "version= Version: 10 Release: 3 Service Pack: 1060 HMC Build level 2406041953 MF71689 - HMC V10R3 M1060 ","base_version=V10R3 " PTF MF71690 HMC V10 R3 M1060.0 - for 7063 Hardware or vHMC for PowerVM (5765-HMB) This package represents a service pack image that can be used to update the HMC from HMC V10 R3 M1050 release. You can also reference this package by APAR MB04455 and PTF MF71690. This image can be installed on top of HMC V10 R3 M1050 with or without other PTFs or Service Packs installed. * Service packs are cumulative and will include all the interim fixes for the PTFs released up to and including the last service pack(s) for this HMC version. Please read the individual Readme files for each PTF to see the list of fixes. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# HMC_Update_V10R3M1060_ppc.iso 4902080512 a309d83f7faf6352d12672fab2544ebce7f97c7c MB04455 MF71690 Splash Panel information (or lshmc -V output) "version= Version: 10 Release: 3 Service Pack: 1060 HMC Build level 2406041953 MF71690 - HMC V10R3 M1060 ","base_version=V10R3 " Enhancements *Server Management: * * Support for FW1060 * Management, virtualization, serviceability and support of repair for the new Power10 9028-21B model system. * System plan has been updated to support 9028-21B systems * New environmental dashboard for displaying sustainability metrics that include historical data and trends for power usage, inlet temperature and carbon footprint over a specific period of time. *User Experience Improvements for below functions/panels:* * *Console management :* o Added support for IBM Website option for upgrading HMC. o New views on Save/Restore HMC upgrade data. o Simplified experience on HMC Upgrade function: Save HMC upgrade data -> Download upgrade files -> Upgrade HMC o New views for Backup and Restore critical console data o New experience for HMC restart/shutdown functions * *System Management and CoD functions : * o New experience on System Actions : Power On/Off, o Add/Remove/Reset connection, Rebuild/Change/Update system, Update System Password, Disconnect another management console, Service Processor Status o Support multi system power off functionality. o New views for CoD functions. The new CoD GUI does not include Utility CoD. Use the old GUI dashboard or the command line to view and manage Utility CoD. * *User Management : * o Simplified view of Active users, Running tasks. Actions to logoff active user or close running tasks. o Transformed user profiles, task roles and resource roles panels. o Transformed LDAP, KDC and MFA enablement panels. o The user ID for an HMC user can no longer be changed. * *Partition Management : * o Simplified view on list/create/manage system profiles o New experience on manage partition profiles : + list/create/copy/manage o Launch point for activate partition profile * *Service Management : * o New views on Call home management. o Options to set up call home and test call home connection. o New experience on system firmware update panels. o New tabular view on PCIe configuration o Option to save configuration, Manage LED states and view cable details o Simplified view on BMC settings o On the Transmit service information GUI, the Update AIX Access Key information is now a separate task from the Update Access Key information. Ensure the new Update AIX Access Key information task is set appropriately for your environment. *Security Enhancements* * Limit Web user interface active sessions to 100 per user and 1000 per HMC. o The 100 sessions per user can be modified, the 1000 sessions per HMC cannot. o Note: If the HMC sessions reach either threshold, the following commands can be used by hmcsuperadmin users to terminate sessions: + View the running tasks *lslogon *-r webui –t + View the sessions associated with users *lslogon *-r webui –u + Terminate sessions *termtask *-r webui -s -t all * HMC has a new password policy named "HMC Standard Security Password Policy" with the following values: o Min lower case: 1 o Min upper case: 1 o Min number: 1 o Min Special character: 1 o Password age(pwage): 90 o Min password length: 15 * The weak SSH CBC ciphers and key exchange and MAC algorithms have been removed from the current list of HMC encryption configurations o If login fails due to these modifications, the removed ciphers and algorithms are present in the available lists and can be added back using the commands listed below. *chhmcencr *-c ssh -o a -e *chhmcencr *-c sshkey -o a -e *chhmcencr *-c sshmac -o a -e * The HMC is configured with a PowerSC MFA allow list for SSH users. Users added to the allow list will be exempt from PowerSC MFA authentication when logging in to the HMC using SSH. * Enhanced the *chhmcert *command to include the certificate as trusted in the ECC's trust store. * The HMC no longer supports FTP or SFTP passwords with spaces on the GUI, command line, or REST API. If you specify an FTP or SFTP password that contains a space, the FTP or SFTP operation will fail with an error. * Enhanced the Update HMC GUI to allow an ISO file name to optionally be specified when using CD/DVD. Future Support Notes * Access to the old dashboard will be removed in a future release. * Support for the FTP option, which is unsecure, will be removed from all HMC interfaces in a future release. SFTP/NFS should be used instead. * Rest API access via port 12443 will be disabled in a future release. Use port 443 instead for accessing HMC Rest APIs. * * General Fixes * Added the Min usage column and renamed the Used column to Avg usage in the table on the Processor usage per processor pool tab in the new Performance and Capacity Monitoring (PCM) GUI dashboard Processor usage page. * Call home no longer works with country code Serbia and Montenegro (CS). On the call home Customer information panel, the Administrator information country and System information country must be changed from Serbia and Montenegro (CS) to either Serbia (RS) or Montenegro (ME) for call home to work. * Changed the managed system rebuild path to update any managed system or partition description fields that contain non-ASCII characters to an empty string. * Display the Program PID number and UVMID instead of the Device type and Serial on the GUI dashboard for virtual HMCs. * Extended the GUI timeout value for the Serviceability ->Transmit service information -> Send Problem Reports -> PE debug data collection task. * Fixed a GUI partition migration issue where virtual FC and virtual SCSI mappings that are edited and then validated are not used when the partition is migrated. * Fixed a rare issue that can cause an I/O firmware update to be skipped for some I/O adapters when more than one I/O adapter in an Enterprise BMC-based managed system is selected for update on the GUI. * Fixed a timing issue that can cause physical I/O adapter descriptions and feature codes to be incorrect or missing after an HMC restart. * Fixed an intermittent issue preventing Power enterprise pool mobile processors from being restored after a server power on for servers that have both mobile processors and mobile memory. This fix requires the server to be at a firmware level that contains the corresponding server firmware fix. * Fixed an issue causing a partition remote restart operation to successfully complete without configuring the partition's storage adapters on the destination managed system. This issue occurs when the source managed system is an Enterprise BMC-based managed system that is in No Connection state. * Fixed an issue causing the HMC to call home SRC E35A000D due to too many open sockets. * Fixed an issue causing the HMC to establish a duplicate connection to the same Enterprise BMC when its IP address changes. * Fixed an issue causing the load or unload of a virtual optical device which failed with the error "/Another operation has changed the configuration. Refresh the web page then try the operation again/." to fail again after the web page was refreshed. * Fixed an issue causing the number of Power enterprise pools shown on the GUI dashboard to be 0 instead of 1 when the HMC is managing one Power enterprise pool. Note that Power Enterprise Pools 2.0 are not included in this number. * Fixed an issue preventing an error message from being displayed on the Upgrade VIOS GUI screen when there is an error retrieving disk information from the VIOS. * Fixed an issue preventing Virtual Serial Numbers from being displayed on the HMC GUI for partitions on servers in a Power Enterprise Pool 2.0. * Fixed an issue that can cause functions using SFTP on the GUI to silently fail during the SFTP transfer. * Fixed an issue that can cause Performance and Capacity Monitoring (PCM) to stop working after the *runsig -s 511* command is run. * Fixed an issue that can cause SRC E212E136 to be called home when the Serviceability ->Transmit service information -> Send Problem Reports task is used to transmit a large file, such as a PE debug data file. * Fixed an issue that can cause the Performance and Capacity Monitoring (PCM) database to grow very large in size which can lead to PCM GUI performance issues and cause operations such as Save Upgrade Data to fail due to not having enough disk space. * Fixed an issue that can cause the query of LIC updates from the IBM service website on the GUI to fail with the error "/Unable to access repository or no images available./" This issue can occur on HMCs managing Enterprise BMC-based managed systems in a NovaLink environment. * Fixed an issue that caused a repair procedure to fail with the error "/One or more service procedure documents are missing. The service action can not continue. Contact next level of support for assistance./" This error occurs when the reference code of the event being repaired starts with a '#' character. * Fixed an issue that caused a VIOS upgrade using SFTP to fail with the error message "/HSCLC458 The backup file cannot be uploaded from the HMC to the Virtual I/O Server. If this error persists, contact your service representative./" due to the upgrade file having restricted read permissions on the SFTP server. * Fixed an issue that caused the deferred firmware level information to be missing in the GUI systems table for Enterprise BMC-based managed systems. * Fixed an issue that causes a VIOS upgrade to fail with the error "/HSCLC476 There are no free Virtual I/O Server disks/" even though there is enough free space available on NVMe disks. * Fixed an issue where DLPAR adding a physical I/O adapter that is already assigned as a required adapter to another running partition fails and leaves the partition that owns the adapter in a not bootable state, thereby preventing any further profile synchronization for that partition from occurring until that partition is reactivated. * Fixed an issue where the lssysconn command showed an incorrect VMI state of No Connection and a VMI connection error code of "/Already connected 0402-0001-00000025/" when the VMI was connected and the managed system was in Operating state. * Fixed the MSP Mappings page on the partition migration GUI to list all possible MSP mappings and to stop showing duplicate MSP mappings. * Remove HMC update files from the HMC /dump and /data directories after a failed HMC update. * Removed the repeated logging of console event /HSCE2357 "Managed system {0} {1} {2} code level {3}."/ This console event is now logged only when the managed system connects to the HMC or when the managed system rebuild task is run. * Improved the warnings shown on the HMC settings panel for the HMC date and time to restrict users from making changes to the HMC date and time when it cannot be changed. These changes were made for 7063-CR1 and 7063-CR2 HMCs only. * Updated the minimum, allocated, and maximum memory sizes for VIOS in the QuickStart system templates from 1 GB, 2 GB, and 4 GB to 4 GB, 8 GB, and 16 GB respectively. Also updated the default minimum, allocated, and maximum memory sizes for VIOS in the Add/Create VIOS wizard from 4 GB, 5 GB, and 8 GB to 4 GB, 8 GB, and 16 GB respectively. Command Line Changes * The *chhwres *command has been enhanced to allow a comma separated list of DRC indexes to be specified for the -l option when adding, removing, or moving physical I/O slots. * The following commands have been added to change and display Performance and Capacity Monitoring (PCM) energy metrics settings: *chpcm *and *lspcm*. * The *lsupgfiles *command has been added to list available HMC upgrades from the IBM Fix Central website. * A new option has been added to the *getupgfiles *command to get the upgrade files directly from the IBM Fix Central website. * The *-x netcfg* option has been deprecated for the *bkconsdata *command. Network interface hardware related configuration is now always excluded from backups. * The following commands have been enhanced to support configuring an allow list, which is a list of HMC user IDs to exempt from multi-factor authentication when logging in to the HMC using SSH : *chhmcauth* and *lshmcauth*. * The *chhmcusr *command has been enhanced to configure the maximum number of HMC Web user interface sessions allowed per user. The *lshmcusr *command has been enhanced to display the maximum number of HMC Web user interface sessions allowed per user and the maximum allowed for the HMC. * The *chhmcusr *and *mkhmcusr *commands have been enhanced to allow a comma separated list of resource roles to be specified. * Added the *--force* option to the *rmaccfg *command to remove an access control role that is currently assigned to one or more HMC users without confirmation. * Removed the ability to change the user ID for an HMC user from the *chhmcusr *command. * Removed the command *chhmc -c pcmprocusage -s modify --deductidle on/off* since it no longer has any impact. Also removed the *lshmc –p* command. Known Issues & Limitations * On the first connection of a system to HMC and system is powered on to standby state, system state might go to Recovery on the HMC. You can perform a Recover profile data operation to get the system to Standby state. Recover Profile data in this scenario will delete the manufacturing default configuration partition, If MDC mode is desired, first set the server start policy to Auto Start always before connecting to the HMC. * The physical attention LED state shown on the GUI may not reflect the actual state for Enterprise BMC-based managed systems. The *lsled *command does show the actual state. A system rebuild will correct the GUI issue. * Setting the Microsoft Edge browser to a language not supported by the HMC will cause Learn More links on the GUI to fail to launch help pages with the message "/The requested help document was not found./" * The recover profile data task fails to restore partition Platform KeyStore (PKS) data. If you have partition data stored in the PKS, it is recommended that you regularly backup profile data for your managed system in case there is a failure in restoring the PKS data in the future after a managed system has gone into Recovery state. * The GUI window may intermittently go blank, especially when performing a system firmware update operation. A browser refresh will fix the issue. * The power off of an Enterprise BMC-based managed system may fail from the GUI with the error "/Target reached unsuccessful terminal state STATE_NO_CONNECTION"/, even though the power off was successful. * The Add system GUI page may intermittently go blank after clicking Connect and not complete the add system request. When this occurs, refresh the GUI and try the operation again, or use the *mksysconn* command to add the system. * Dates, times, and numbers on the GUI Performance dashboard are shown in the format based on the HMC language instead of the browser language. * If a profile contains a migratable SRIOV port the "copy profile" UI task will generate a new HCN ID. Activation or apply will result in a new device being created in the partition. Circumvention is to switch the view to the old dashboard. * After update to 1060, user may encounter blank screen after logon. Resolution is to click CTRL+F5 to clear browser cache. * HMC 1060 UI accesses external IBM web sites for UI downloads. If the network blocks external access, UI operations may be slow or hang for non-US locales. * Automatic UAK renewal will update only one server at a time when the expiration window occurs. The workaround is to click Send now several times from the Transmit service information GUI for the Update Access Key Information to re-transmit until all servers are updated. Best Practices * User sessions - The following best practices helps avoid performance degradation gradually over a period of time due to increased login sessions as well as security vulnerabilities such as unauthorized access to the active HMC sessions. o It is a best practice to logoff from HMC UI and then close the browser tab instead of directly closing the tab o Set Idle session timeout for all the users and not leave the timeout as '0' which leaves it as no timeout. * Profile recommendations - The maximum number of partition profiles suggested per partition is 10. Installation Installation instructions for HMC Version 10 upgrades and corrective service can be found at these locations: Upgrading the HMC from Version V10R1 or V10R2M1030 to V10R3M1050 Updating, upgrading, and migrating your HMC machine code Update(s) for HMC V10R2M1050