Please Read: Before starting the Control Center upgrade/uninstall process, you must backup the entire "conf" directory found under Control Center install location. Please follow the steps below before upgrading: The following instructions apply to maintenance upgrades. 1. Stop Control Center engine 2. Back up the existing configuration data: If upgrading from 5.4.2.2 or prior, back up \conf directory found under Control Center install location. Backup your Control Center database. If upgrading from 6.0.0.0 or later, run exportConfig.sh/bat under \bin. The script creates a folder with all of the configuration data from the database and the conf folder. The location of this folder is conf-exported/{date_time}/conf. As per your need, for recovery purpopse, backup your existing Control Center database. 3. Proceed normally with installing the latest version of Control Center in original . (The installer would automatically un-install the previous version - but all of the configuration data will still be there). 4. On Unix, Linux platforms, run configCC.sh -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.2.0 iFix03 (Released 07/01/2019) 1. IT28811/R17565/MFT-10272 (2019-04-16) Description of issue: Classic Console Netmap filter not functioning for CD windows servers. Description of fix: Correct CD windows references. 2. IT28819/R17566/MFT-10285 (2019-04-16) Description of issue: ICC is unable to successfully monitor a CD i5 system using iASP resources Description of fix: Logic added to detect whether or not iASP is being used and if so, the path used to find the CDSTATFILE is now prefixed with the iASP name. 3. IT28883/R17572/MFT-10191 (2019-04-22) Description of issue: Any time a server group or server name contains the string "GIS" it is changed to "SI". Description of fix: Fixed the logic that was originally put in place to address the name change for the abbreviation of Gentran Integration Server to Sterling Integrator to only change GIS to B2Bi when appropriate. 4. IT28909/R17570/MFT-10301 (2019-04-24) Description of issue: The Content-Security-Policy default-src header does not include the default host name and so some web console pages are blocked. Description of fix: Fixed the logic that adds host names to the Content-Security-Policy header to include the default host name and any Cognos host name. 5. IT28939/R17574/MFT-10315 (2019-04-25) Description of issue: When running the certificate expiry task which raises events for Connect:Direct servers with certficates that have expired, an exception occurred processing one certificate that caused no more certificates to be processed. Description of fix: All exceptions are now caught when processing Connect:Direct server certificates so processing will continue for certificates on other Connect:Direct servers even if a problem is found. Also, the error that is logged has been enhanced to include the certificate name and text to allow for easier problem determination. 6. IT28988/R17576/MFT-10293 (2019-04-27) Description of issue: Menu items seem to disappear on Windows 10/Server 2016 when hovered over. Description of fix: Ensure that text remains a viewable color. 7. R17520/MFT-10326 (2019-05-01) Description of issue: Excessive delay when handling Alerts with DVG set. Description of fix: Custom queries substituted for the ones generated by OpenJPA to effect the appropriate database updates required to handle alerts with DVGs set. 8. IT29019/R17579/MFT-10258 (2019-05-02) Description of issue: Windows install fails when using Oracle SCAN, due to a DB connection failure. The Windows GUI installer does not honor the "Oracle RAC/SCAN" radio button when using a SCAN DB (i.e. a single DB host name/ip is specified). Since the installer does not correctly recognize this as a RAC/SCAN DB the wrong JDBC connection string is used, causing the connection to fail. Description of fix: Corrected the installer to properly set the result variable to true when the user selects the yes radio button. 9. IT29068/R17584/MFT-10346 (2019-05-09) Description of issue: Bad performance do to invalid index name hint specified in a Oracle SQL query. The query erroneously specified EVENTS_STAT_INDEX instead of the correct index name of EVENTS_STAT_IDX. Description of fix: Corrected the query to use the proper index name hint as follows: SELECT /*+ INDEX(EVENTS EVENTS_STAT_IDX) */ "EVENT_ID", "NODE_ID", "NODE_TYPE", "NODE_NAME", "ORIG_NODE", "PROC_ID", "PROC_NAME", "DATE_TIME", "XFER", "SUBMITTER", "EVENT_TYPE", "RET_CODE", "XFER_DIRECTION", "FILE_SIZE", "SOURCE_FILE", "DEST_FILE", "XML_STRING", "STEP_NAME", "TAG_XML", "SERIAL_NUM", "SEQ_NUM", "MSG_ID", "SHORT_MSG", "CC_NAME". 10. IT29096/R17588/MFT-10261 (2019-05-14) Description of issue: Requirement to address the following vulnerability in Websphere/Liberty: CVEID: CVE-2019-4046 5.9. Description of fix: Upgraded Websphere Liberty to 19.0.0.4 (from 19.0.0.2). 11. IT29536/MFT-10133 (2019-05-31) Description of issue: Required Cognos iFix package upgrade to address multiple vulnerabilities in ICU and JSCH components. Please note that a Black Duck scan incorrectly repoted the CVEs against ICU (International Components for Unicode) for Java (icu4j-4.8.1.1.jar). The CVEs that were identified are actually with ICU for C++. The following CVEs have been addressed by patching the Cognos 4.8.1 version of ICU for C++ (icu .dll or .so files). CVE Cognos APAR (or statement of not vulnerable) ------------- -------------------------------------------- CVE-2016-5725 PH08423 JSCH upgrade to jsch-0.1.55.jar (from 0.1.5.3) due to vulnerability CVE-2014-7923 PI95434 ICU for C++ [updates applied to icu .dll or .so files) CVE-2014-8147 PI95434 ICU for C++ [updates applied to icu .dll or .so files) CVE-2017-15422 PI95434 ICU for C++ [updates applied to icu .dll or .so files) CVE-2014-9654 PI95434 ICU for C++ [updates applied to icu .dll or .so files) CVE-2011-4599 PI95434 ICU for C++ [updates applied to icu .dll or .so files) CVE-2014-8146 PI95434 ICU for C++ [updates applied to icu .dll or .so files) CVE-2014-7926 PI95434 ICU for C++ [updates applied to icu .dll or .so files) CVE-2014-9911 Cognos is not vulnerable CVE-2015-5922 Cognos is not vulnerable CVE-2017-15396 Cognos is not vulnerable Description of fix: Upgraded from Cognos 11.0.13 to 11.0.13 IF1014. 12. IT29535/R17611/MFT-10397 (2019-06-12) Description of issue: Apache Commons FileUpload - Old Versions Still Exist After Upgrade (CVE-2016-1000031). A prior fix originally addressed this issue, which you can see further down in this fix list (IT25861/R568327 (2018-06-27)). However, the older commons-fileupload-1.3.2.jar erroneously remained in a Cognos directory (i.e. /Cognos/webapps/p2pd/WEB-INF/lib). Description of fix: Updated the installer to copy commons-fileupload-1.3.3.jar (instead of 1.3.2) into the above mentioned directory. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.2.0 iFix02 (Released 04/15/2019) 1. IT27408/R17480/MFT-9870 (2019-01-24) Description of issue: If a Control Center scheduled report is running when the connection to the Cognos is lost, either due to temporary unavailability or due to Cognos fail over from Active to Standby, the report fails. Description of fix: Added Control Center fail over logic to allow the scheduled reports to retry the failed report after the connection with Cognos has been re-established. Added new engine properties parameter COGNOS_REPORT_RECOVERY_RETRY_TIMES which defaults to 15 but can be set to any value 1 to 60. New Parameter: COGNOS_REPORT_RECOVERY_RETRY_TIMES=15 | 1-60 A failed Control Center scheduled report will retry 15 times (by default) before giving up. If the failure is just a temporary failed ping response, the recovery should only take 1-2 tries. If its a Cognos fail over, where the Standby Cognos is becoming the Active Cognos, it could take 8-15 tries, depending on how fast the fail over occurs. Each try takes 1 minute, so if you know it takes more than 15 minutes for your Standby Cognos can become active, you will need to change to a higher retry value. You can update this value by the web console properties panel by adding/updating this line in engine.properties: 15 For example, if it takes 18 minutes for your Standby Cognos to become the Active Cognos, set this value to 20 (18 plus a little buffer). Maximum value is 60. 2. R17517/MFT-10145 (2019-02-01) Description of issue: Unable to update data for several ICC service configurations Description of fix: Added DiscoveryService.xml, EventProcessorService.xml, and NodeConfigService.xml to the properties that may be viewed and updated via the ICC Web console. 3. IT28024 / MFT-10146 (2019-02-07) Description of issue: If the WebSphere locale is set to a locale not supported by ICC, message bundles are not loaded resulting in the web console not functioning. Description of fix: Added logic to load English versions of message bundles if the locale set is not supported by ICC. 4. IT28298 / MFT-10187 (2019-03-05) Description of issue: Control Center launch page statement of classic console minimum JRE level is incorrect. Description of fix: Change statement to JAVA 1.8 update 191. 5. IT28250/R17538/MFT-10169 (2019-03-08) Description of issue: Control Center cannot connect to a MSSQL database when the DB server is hardened (i.e. allows only TLSv1.2). In this scenario, the DB server requires the logon exchange to use TLSv1.2. However, the IBM JRE uses the default SSL context of TLS only (i.e. -Dcom.ibm.jsse2.overrideDefaultTLS=false). This protocol imcompatibility causes Control Center to fail when attempting any database connection. Description of fix: Changed the default SSL context to match that of the Oracle JRE (i.e. allow TLS V1.0, V1.1, and V1.2) via JVM property: -Dcom.ibm.jsse2.overrideDefaultTLS=true. In order to revert back to the old default value of -Dcom.ibm.jsse2.overrideDefaultTLS=false, set COM_IBM_JSSE2_OVERRIDE_DEFAULT_TLS=FALSE in /conf/InstallationInfo.properties per the following: InstallationInfo.properties JRE options.default ---------------------------------------- ---------------------------------------- COM_IBM_JSSE2_OVERRIDE_DEFAULT_TLS=FALSE -Dcom.ibm.jsse2.overrideDefaultTLS=false COM_IBM_JSSE2_OVERRIDE_DEFAULT_TLS=TRUE -Dcom.ibm.jsse2.overrideDefaultTLS=true property NOT specified -Dcom.ibm.jsse2.overrideDefaultTLS=true The above InstallationInfo.properties setting will cause the following options.default files to be updated during configCC.bat|sh execution: \jre\bin\default\options.default Windows (used if jvm NOT using compressed references) \jre\bin\compressedrefs\options.default Windows (used if jvm using compressed references) \Cognos\jre\bin\default\options.default Windows (used if jvm NOT using compressed references) \Cognos\jre\bin\compressedrefs\options.default Windows (used if jvm using compressed references) ----------------------------------------------------------------------------------------------------------------- /jre/lib/amd64/default/options.default Linux (used if jvm NOT using compressed references) /jre/lib/amd64/compressedrefs/options.default Linux (used if jvm using compressed references) /Cognos/jre/lib/amd64/default/options.default Linux (used if jvm NOT using compressed references) /Cognos/jre/lib/amd64/compressedrefs/options.default Linux (used if jvm using compressed references) ----------------------------------------------------------------------------------------------------------------- /jre/lib/ppc64/default/options.default AIX (used if jvm NOT using compressed references) /jre/lib/ppc64/compressedrefs/options.default AIX (used if jvm using compressed references) /Cognos/jre/lib/ppc64/default/options.default AIX (used if jvm NOT using compressed references) /Cognos/jre/lib/ppc64/compressedrefs/options.default AIX (used if jvm using compressed references) 6. IT28646 / R17542 / MFT-10209 (2019-03-13) Description of issue: Required IBM JRE upgrade to address CVE-2018-3180 (CVSS 5.6) in the Oct 2018 Java CPU and CVE-2018-1890 (CVSS 5.6) in the Jan 2019 Java CPU. Description of fix: Upgraded from 8.0.5.27 to 8.0.5.30. 7. IT28716 / R17553 / MFT-10239 / MFT-10240 / MFT-10259 / MFT-10261 (2019-03-22) Description of issue: Requirement to address the following vulnerabilities in Websphere/Liberty: CVE-2018-3169 CVSS 8.3 / CVE-2014-7810, CVSS 5 / CVE-2018-1767 CVSS 6.1 Description of fix: Upgraded Websphere Liberty to 19.0.0.2 (from 18.0.0.4). 8. IT28686 / R17559 / MFT-10200 (2019-04-05) Description of issue: Occasionally a scheduled "SFG Route Detail by Producer" report does not run to completion (i.e. no results returned). This was caused by producer being a null value in a record. Description of fix: Added guard code to allow the report to continue running when the producer is null. 9. IT28708 / R17561 / MFT-10188 (2019-04-06) Description of issue: Classic console does not show file agent status. Description of fix: Updated file agent handling. 10. IT28677 / R17558 /MFT-10252 (2019-04-08) Description of issue: Whenever the Red Hat Version is 6.10 or greater (version of 6.1x), then when comparing it with 6.5 (minimum required level) the result returned was erroneously that 6.10 is a lower version than 6.5 and because of that we were getting unsupported version of Linux error message during configCC. Description of fix: Added a new function to correctly compare the digits after decimal places. 11. IT28715 / R17562 / MFT-10260 (2019-04-08) Description of issue: Requirement to address the following vulnerability in Apache ActiveMQ: CVE-2019-0222 CVSS 7. Description of fix: Upgraded to Apache ActiveMQ 5.15.9 -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.2.0 iFix01 (Released 01/22/2019) 1. IT26990/R17454/MFT-10000 (2018-11-26) Description of issue: ICC was falling behind in monitoring of B2Bi servers because regardless of how much data was available, B2Bi would only respond with one record less than the limit specified by ICC. Description of fix: Rather than going in to catchup mode, which means the logic would not wait monitor rest time number of seconds before requesting more data, only when record limit number of records were returned, ICC will enter catchup mode whenever 90% of the specified record limit, or more, records are returned by the monitored server. 2. IT25800/R17352/MFT-9890 (2018-12-7) Description of issue: Database performance with MSSQL non-globalized databases still exists. Description of fix: A problem was discovered with the previous delivery for this issue where the database URL used by the EP still included SendStringParametersAsUnicode, with a value of FALSE, even when the user did choose to globalize the ICC MSSQL database. This problem is now rectified. 3. IT26855/R17435/MFT-9986 (2018-12-7) Description of issue: ICC would not start because the SLC service was unable to initialize itself. Description of fix: Problem was found in one specific SLC schedule whose monitor window started at the same time the transition from Daylight Saving Time to Standard time. The logic got stuck in a loop calculating the next time the SLC should be active. Fixed the logic to not loop. 4. R17471/CCP-14836 (2018-12-7) Description of issue: Using a CCAPI based application to retrieve DVGs, like the CCAPI Sample program does, results in a Null Pointer Exception being thrown. Description of fix: Changed the logic used both by the CCAPI and the engine to realize when it was being executed by a CCAPI based program and not run code that only works in the engine environment. 5. R17406/CCP-14719 (2018-12-7) Description of issue: Server view process count does not include queued processes. Description of fix: SQL used to ascertain the count of processes modified to find both completed and processes that have started, but not completed, within the timeframe to be displayed. 6. R17474/CCP-14837 (2018-12-9) Description of issue: When two configuration versions of the same object are created in the same millisecond the list of versions may be in the wrong order. Description of fix: The query to retrieve configuration versions was ammended to use the version ID as a tie breaker when the times the versions are created show to be the same. 7. IT27338/R17479/MFT-9871 (2018-12-12) Description of issue: Cognos creates a WIndows service which by default is set to start automatically after each machine re-boot. This can cause the Cognos service to be started outside the scope of Control Center and cause problems with Control Center / Cognos interoperability. Control Center must initiate Cognos startup during normal Control Center startup initialization. Description of fix: Added code during engine startup to ensure the Cognos Windows service is set to start on demand (instead of automatically), by issuing the following Windows Service Control command: sc config "IBM Cognos:ppppp" start= demand (where ppppp = Cognos dispatcher port). The following new messages will be seen in the engine log, showing the command execution and results: INFO CognosStarter - Running Windows Service Control command: [CMD, /C, sc config "IBM Cognos:ppppp" start= demand] INFO CognosStarter - [SC] ChangeServiceConfig SUCCESS INFO CognosStarter - Windows Service Control command Exit Value is 0 8. IT27184/R17473/MFT-10030 (2018-12-13) Description of issue: EventMonitor is in catchup mode and as a result SLCs generate false alerts. Description of fix: Sped up one aspect of the EventMonitor logic, revised the metrics it outputs once an hour, made it only log that it is in catchup when it transitions to that mode, and changed a query used by EventMonitor (for MSSQL only) to retrieve event data that caused some events to be processed by it more than once. (Note the query change made for MSSQL databases was a copy of the change made for R17484/MFT-10058 done in ICC releases 6110 and 6120). One new engine.properties property was added named EVENT_MONITOR_THREADS. It's default value is 2. You may set it to any valid integer starting at 1. In theory, the higher the value, the more threads that will be applied to make the one aspect of EventMonitor logic altered go faster. In reality, since threads require CPUs to run them, the hardware used to run ICC on will actually dictate the optimum value for EVENT_MONITOR_THREADS. Setting the value higher than 8 is not advised. 9. MFT-8464 / R17457 (2018-12-12) Description of issue: Email Action with an extra comma in the 'to' address gets error when trying to move from conf to CC_USER table, preventing the engine from starting. Description of fix: Modified code to recognize extra commas so null or blank email addresses don't get created. 10. CPP-14680 / R17389 (2018-12-12) Description of issue: The web console Email list addresses import address / export address links do not align to the end of the text box. Description of fix: Modified css to align import addresses / export addresses on web console Email List panel. 11. CCP-11246 / R17469 (2018-12-12) Description of issue: When a user with server=none permission redirects from the java console to the web console by selecting a server from the node tree, the web console gets a null pointer exception (NPE). Description of fix: If a user has server=none permission, redirect to the selected web console for all servers instead of trying to redirect to just that specific server. 12. IT27431 / R17487 / MFT-10063 (2018-12-19) Description of issue: The Data Collector (runDataCollector.bat|sh) is not including the /conf directory in the zip file. A non-related change erroneously caused the source path to not be fully qualified. Description of fix: Corrected the logic to construct the full path. 13. IT27657 / R17493 / MFT-10085 (2019-01-03) Description of issue: The Data Collector (runDataCollector.bat|sh) does not return to the command line prompt upon completion. A non-related change erroneously caused a java thread to remain active upon program exit, leaving the JVM active and never returning control to the script. Description of fix: Corrected the logic to ensure the program exited and correctly returns control the the runDataCollector script. 14. IT27662/R17485/MFT-10051 (2018-12-17) Description of issue: Control Center late sending out email notifications Description of fix: After ascertaining from metrics gathered produced by the initial changes for this problem that the queries used to set the arrived file source were primarily responsible for the processing slowdowns experienced when setting the SET_ARRIVED_FILE_SOURCE property true, the algorithm used to set the arrived file source values was altered to use an in memory cache of file names, which is updated while processing AFT data, while processing SFG data instead of queries. Two new engine properties were added: - B2BI_FILE_NAME_CACHE_SIZE and - USE_QUERY_TO_SET_ARRIVED_FILE_SOURCE B2BI_FILE_NAME_CACHE_SIZE takes any integer value greater than zero. It's default is 300000. USE_QUERY_TO_SET_ARRIVED_FILE_SOURCE takes either True or False. It's default is False. 15. IT27672/R17491/MFT-10086 (2019-01-07) Description of issue: Upgrade failing with unsupported driver file message when mssql-jdbc-7.0.0.jre8.jar used Description of fix: Addressed spots in logic that needed to be updated to allow valid JDBC driver file names to be specified without error. 16. CCP-14769 / MFT-10073 / R17476 (2019-01-07) Description of issue: Security scan found SerialDos Limited Deserialization Vulnerability Description of fix: Remove deserialization calls for the web server 10x pages. 17. CCP-14770 / MFT-10074 / R17477 (2019-01-07) Description of issue: Security scan found XML External Entity (XXE) Vulnerability Description of fix: Do not allow xml to set document type in web server. 18. CCP-14777 / MFT-10075 / R17486 (2019-01-07) Description of issue: Security scan found that alert comments have no input validation for harmful characters. Description of fix: Add validator to alert comments to not allow characters "& ` \" ' < > | #". 19. CCP-14768 / MFT-10105 / R17490 (2019-01-07) Description of issue: Security scan found Commons Collections Deserialization Vulnerability Description of fix: Upgrade from WebSphere Application Server 18.0.0.1 to WebSphere Application Server 18.0.0.4 20. CCP-14789 / MFT-10083 / R17489 (2019-01-08) Description of issue: Security scan found Missing or insecure "X-XSS-Protection" header Description of fix: Add a new security filter which sets the X-XSS-Protection header. 21. CCP-14790 / MFT-10083 / R17489 (2019-01-08) Description of issue: Security scan found Authentication Bypass Using HTTP Verb Tampering Description of fix: Add a new security filter which limits verbs that can be used. 22. CCP-14788 / MFT-10083 / R17489 (2019-01-08) Description of issue: Security scan found Missing or insecure "X-Content-Type-Options" header Description of fix: Add a new security filter which adds X-Content-Type-Options header. 23. CCP-14846 / MFT-10079 / R17488 (2019-01-08) Description of issue: Security scan found Missing Security Relevant HTTP Headers in Launch Page Description of fix: Add security headers to index.jsp for IBM Control Center launch page. 24. IT27713 / R17502 / MFT-10111 (2019-01-10) Description of issue: Due to changes made by IBM in November 2018 Data Collectors from Windows Servers will not unpack correctly in ECuRep Description of fix: Any place back slashes were used in archived files they have been replaced with forward slashes. 25. IT27740/R17503/MFT-10110 (2019-01-11) Description of issue: Customer had used an incorrect upgrade process, which resulted in Control Center not starting due to an "orphan CC_CONTROLLER record" Description of fix: At startup, logic was added such that if it finds the CC_CONTROLLER table references an EP that no longer exists, or a server that is not an EP, and there is but a single EP defined then update the CC_CONTROLLER table such that it will reference a valid EP and startup will continue rather than abort. In all cases, even when "recovery" is not performed, new messages will be written to the engine log describing the issue detected and the attempt to recover, or not, from it rather than just logging that a null pointer exception occurred. 26. R17504/CCP-14895 (2019-01-15) Description of issue: If Cognos report server debug is on, running reports results in the data collection / temporary table creation to occur twice. Description of fix: Modified debug logging in client side code to not call data collection a second time but to report the results from the prior call of the data collection. 27. IT27771/R17506/MFT-10115 (2019-01-15) Description of issue: Unable to open the classic console from the launch page. The level of JRE 8.0.5.22 was found to cause this intermittent problem. The error symptoms are as follows: On the client side the java console displays "JNLParseException[ Could not parse launch file. Error at line 0." On the web server side /web/wlp/usr/servers/defaultServer/logs/message.log displays "java.lang.NullPointerException". Description of fix: Upgraded the IBM JRE from 8.0.5.22 to 8.0.5.27. -------------------------------------------- ************************************************************************************************* All fix items listed ABOVE represent fixes made after 6.1.2.0 GA (i.e. 6.1.2.0 iFix01 and later). All fix items listed BELOW represent fixes included in 6.1.2.0 GA. ************************************************************************************************* -------------------------------------------- 6.1.2.0 (Released 12/15/2018) The following represent 6.1.1.0 iFixes included in 6.1.2.0 GA base release List of Fixes (or Enhancements) included in Control Center 6.1.1.0 iFix06 (Released mm/dd/yyyy - note: iFix06 was not yet released at time of this fix list compilation) 1. IT27092/R17456/CCP-14800 (2018-11-26) Description of issue: After enabling user key on 2 EP system, I cannot start engine nor can the user key be disabled on EP2 Description of fix: The logic used to see if the EP was already running previously needed to decrypt data before the user key was provided by the user. The logic was changed to not need the user key at that point during EP startup. 2. IT26933/R17436/MFT-9952 (2018-11-26) Description of issue: User key shows in plain text in the web console looking at Manage EP Properties Description of fix: Obfuscated the user key in the logs and in the display of the web console. 3. IT27093/R17460/CCP-14806 (2018-11-26) Description of issue: SEAS authenticated user cannot run reports via swing and UI or get to Cognos Welcome Page. Description of fix: Went back to using one time tokens instead of user ID and passwords for authentications because ICC does not know/retain password for SEAS authenticated users. 4. IT25800/R17352/MFT-9890 (2018-12-2) Description of issue: Database performance with MSSQL non-globalized databases. Description of fix: For new MSSQL databases, when globalized, character columns will all be NVARCHAR, and when not globalized all character columns will be VARCHAR. Also, when using a non-globalized database, the database connection URL will now include a new parameter - SendStringParametersAsUnicode, with a value of FALSE. The default value for this parameter is TRUE, but when TRUE, and using a non-globalized database, the database server tends to not use existing indices, slowing database performance. 5. R17406 (2018-12-2) Description of issue: Process count for server view did not include queued processes. Description of fix: Fixed logic to account for queued and completed processes in count for server view. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.1.0 iFix05 (Released 11/15/2018) 1. IT25712/R572061 (2018-08-03) Description of issue: Process summarization is slow. Description of fix: Added logic to output metrics from the process summarization logic once an hour to the engine logs so we can know where time is being spent. Also, two properties - DO_NOT_CALCULATE_ROW_COUNTS and PROCS_TO_SUMMARIZE_AT_ONCE, may now be updated and an engine restart for them to take effect is no longer required. Now, as soon as those properties are changed, they will be used. Additional engine logging to show property settings, along with when they are changed, has been added. 2. IT25897/R572786 (2018-08-03) Description of issue: Occasionally reports fail with error CM-CAM-4005 Unable to authenticate because the ICC to Cognos login has expired. And scheduled reports sometimes attempt to run before Cognos is fully up and configured. Description of fix: The login should only expire after a year of inactivity or if Cognos crashes but for some reason it is expiring after hours or days so added logic to check every minute that the Cognos login is still valid and if it gets a authentication error, login again. If a report fails on its first attempt due to authentication errors, wait one minute (so re-login can be done) and then try again. Also, do not allow scheduled reports to run unless Cognos is fully up and configured. If a scheduled report tries to run before Cognos is ready, it will wait a minute and try again until Cognos is ready. 3. IT25932/R17348 (2018-08-14) Description of issue: Null pointer exceptions occurred while processing events when checking a role that had been recently deleted. Description of fix: Ensure the role associated with a user about to be notified still exists before referencing it. 4. IT26069/MFT-9885/R17354 (2018-08-31) Description of issue: When running configCC to update Cognos properties, the EP's LAST_CHECKIN value gets updated in the CC_SERVER table, falsely implying the EP is running. Description of fix: Changed code to not update the CC_SERVER.LAST_CHECKIN value when configCC is run. 5. IT26242/MFT-9897/R17357 (2018-09-10) Description of issue: Using the web console to view events, completed processes, and completed file transfers for individual servers is slow. That slowness was determined to be due to the queries run by the web console logic to get the data back as far as a year from the present date. Description of fix: Added a new engine property - DEFAULT_DAYS_OF_HISTORY, with a default value of 366. When this engine property is specified, it can be used to reduce the range of data selected caused to be selected by the web console, which can reduce the amount of time it takes for the queries to run, making the web console seem to run faster. Valid value for DEFAULT_DAYS_OF_HISTORY is an integer, value 1 and higher. 6. IT26279/MFT-9884/R17349 (2018-09-14) Description of issue: Query to retrieve events associated with a component is very slow. Description of fix: A new index was added to the EVENTS table named EVENTS_COMPONENTS. Also, changes were made to ensure events associated with components set a value for EVENTS.COMPONENT_ID as they should. Finally, an issue found when attempting to stop or start a B2Bi adapter associated with multiple nodes was corrected. 7. IT26308/MFT-9919 (2018-09-14) Description of issue: Customer received a Cognos email notification due the mobile "Apple Push Notification" certificate nearing expiration. The following warning message was also observerd in \Cognos\logs\mob.log: "2018-09-10 19:30:08,889 [pool-47-thread-1] WARN com.cognos.mobile.server.apns.APNSCertificateExpiredChecker - Your Apple Push Notification Certificate will expire in 9 days." This certificate expires yearly, but does not cause any functional / operational issue with the product, since the mobile feature is not used. Description of fix: Updated the installer with the latest Apple Push Notification certificate. There will be a subsequent Control Center fix to attempt to permanently disable the mobile feature within Cognos, as to avoid having to update the certificate annually. Please refer to the following link if you would like to update the certificate yourself in lieu of applying the fix package for this issue: http://www-01.ibm.com/support/docview.wss?uid=swg24034258 8. No APAR/CCP-14678/R17359 (2018-09-14) Description of issue: The Cognos supplied jre located in /Cognos/jre sometimes might be lagging behind the latest Control Center supplied jre by one or more fix pack levels. Descripton of fix: Modified the installer to copy /jre to /Cognos/jre during installation/upgrade. 9.IT26462//MFT-9904/R17366 (2018-10-05) Description of issue: configCC is not remembering the Cognos database is a RAC SCAN. When an Oracle (RAC) SCAN database connection is configured, and the user prompts configCC to re-configure Cognos, the context of the database is mis-interpereted and the following existing values are either incorrectly displayed or missing altogether in the following user input display prompts: Cognos configuration ... Is your database for Cognos an Oracle RAC environment?(Y/N) [N] : ---> should be [Y] How many nodes are in this Oracle RAC environment? [2] ---> should be [1] Provide the database host name for Cognos: 1 []. : ---> should be [existing DB host]) Provide the database port number for Cognos: 1 []. : ---> should be [existing DB port]) When an Oracle (RAC) SCAN database connection is configured, and the user prompts configCC to NOT re-configure Cognos, the wrong database URL (connection string) is generated and congigCC fails due to a DB connection error. Description of fix: Corrected the logic to properly recognize the existing database is an Oracle RAC SCAN (i.e. only one host/ip pair is specified). 10. IT26600/R17383/MFT-9962 (2018-10-11) Description of issue: Required IBM JRE upgrade to address CVE-2018-1656 in the July 2018 Java CPU. Description of fix: Upgraded from 8.0.5.17 to 8.0.5.22. 11. R17413 (2018-10-22) Description of issue: The process count for servers in the Web console Server Group view did not necessarily include the count of queued processes. Description of fix: Corrected the query used to get the process count in two ways. First, the query now looks for processess started in a specific range to include queued processes. Plus, the date range used in the query now utilizes the engine property DEFAULT_DAYS_OF_HISTORY instead of always going back a full year. 12. IT26695/R17412/MFT-9960 (2018-10-22) Description of issue: Web console initiates a SELECT on the EVENTS table with no WHERE clause when handling multiple alerts if there are both Linked Rule and SLC alerts Description of fix: Corrected the logic used to find Linked Rule and SLC alerts to prevent a SELECT with no WHERE clause from being initiated to prevent a perceived hang in the Web console 13. IT26875/R17439/MFT-9999 (2018-11-08) Description of issue: Address security issues in ActiveMQ 5.14.2. Description of fix: Upgraded ActiveMQ to 5.15.6. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.1.0 iFix04 (Released 07/31/2018) 1. IT25144/R568829 (2018-05-23) Description of issue: When the first ICC user with role superuser is a externally authenticated user, ICC is not able to connect to Cognos due to an authentication failure. Description of fix: Changed code to distinguish between a null password and an blank password so that the token is used during authentication. 2. IT25146/R569306 (2018-05-24) Description if issue: Data stored in CONFIG_JOBS related to configuration management jobs is not purged according to the system's purge settings when the database has been partitioned. Description of fix: Added logic to initiate the purge of configuration management jobs from CONFIG_JOBS when a partitioned database is used. 3. IT25131/R568413 (2018-05-25) Description of issue: When IBM Control Center is installed using a MSSQL instance name, subsequent runs of configCC gets array index error when trying to process the instance name. Description of fix: Modified configCC to handle MSSQL Instance names. Modified Install Anywhere to not allow back slash in MSSQL host name for Cognos database. 4. IT25218/R568634 (2018-06-01) Description of issue: Control Center displaying incorrect CD Secure Plus enabled setting in server list view. Description of fix: Properly handle values returned by CD servers. Note that CDU will require an update. 5. IT25263/R562272 (2018-06-06) Description of issue: Data collector utility incurs an out of memory when running. Description of fix: Changed logic to read data added to data collector output in chunks instead of a file at a time to avoid problems when extremely large files exist. New property, DC_BUFFER_SIZE, added, with a default of 100000000 (100MB), which may be adjusted via the script/bat file used to run the utility if necessary. 6. IT25093/R568223 (2018-06-14) Description of issue: Control Center 6.0.0.1 and 6.1 - Performance/Deadlocks. Description of fix: Deadlock occurring on MSSQL server caused by contention between the query that inserted data in to EVENTS and a second query that updated alert events related to an SLC that were to be automatically handled. The update event logic was made more efficient to reduce contention on the EVENTS database table. 7. IT25395/R570754 (2018-06-18) Description of issue: Records Missing from CC_PROCESS table. Description of fix: Malformed JSON documents received from an OSA server were noted in the engine log with no helpful information. Logic was added to include the ID of the event, the ID of the originating server, as well as the JSON document text in the exception that is logged. 8. IT25405/R570773 (2018-06-18) Description of issue: Arrived file route and delivery step names need to be unique to facilitate step based SLCs. Description of fix: Instead of just using ArrivedFile, Route and Delivery for step names, the arrived file key, route key, and delivery key values will be appended to the respective step names created to make them all unique. 9. IT25413/R570840 (2018-06-19) Description of issue: When an invalid response from the B2Bi server was received it's logged, and when that response contained a password, it was not obfuscated. Description of fix: Added a new XML element name, auth, to the list of elements whose values need to be obfuscated before they are logged. 10. IT25861/R568327 (2018-06-27) Description of issue: Required upgrade of current version of Websphere Liberty in order to address CVE-2016-1000031 (apache commons-fileupload). Original Websphere Security Bulletin: https://www-01.ibm.com/support/docview.wss?uid=swg22011428 Description of fix: Upgraded Liberty from 16.0.0.4 to 18.0.0.1. 11. IT25541/R571451 (2018-06-27) Description of issue: Required upgrade to current thirdparty components (quartz and jgoodies). Description of fix: Upgraded to the latest component jar files. 12. IT25517/R571053/R571448 (2018-06-29) Description of issue: SFG Data received from B2Bi repeatedly causing an exception resulting in ICC erroneously showing the server as down. Description of fix: Logic added to watch for this situation and avoid exceptions being incurred with no loss of data. 13. IT25622/R571843 (2018-07-09) Description of issue: Unable to use the CCAPI to retrieve server details for a server in a NEVER_CONTACTED status. Description of fix: Logic had been added to code used by the CCAPI and the Control Center EP and it should only run when running in an EP environment, otherwise an exception is thrown. Code was added to prevent this from occurring. 14: IT25397/R570710 (2018-07-06) Description of issue: Cognos schedules (not ICC schedules) are failing because they are authenticated using tokens and the token is deleted after being authenticated so they are not available for reuse. Description of fix: Changed the Cognos schedule authentication to use encrypted passwords and not tokens. Note, you will need to delete any existing Cognos schedule (the schedules created via the Cognos GUI, not those created via the ICC Java console GUI) and recreate them after installing this fix. 15. IT25542/R569559 (2018-07-06) Description of issue: When multiple Control Center Automated Reports use separate schedules with the same time, the reports can fail with an CANNOT_FORWARD_TO_ABSOLUTE_AFFINITY_NODE error. Description of fix: Modified the code to call the Cognos email logic inside the Cognos lock where the report is run instead of it running outside of the Cognos lock. 16. IT25678/R572140 (2018-07-20) Description of issue: When Cognos is starting and ICC is configuring it, a repetitive Null Pointer Exception causes large core dumps. Description of fix: Correct the Null Pointer Exception in a Cognos configuration debug message. 17. IT25712/R572061 (2018-07-23) Description of issue: Process summarization slow. Inefficient logic found in MQMFT node service logic, which may or may not be related, found. Description of fix: Logic that converts MQMFT data into IBM Control Center events was made more efficient. Also, logic was added to the Process summary service to cause it to output helpful metrics, once an hour, to the engine log file. Plus new warnings will be logged if the time it takes to summarize a process, or a file transfer, takes too long. Two new engine properties, MAX_TIME_TO_SUMMARIZE_PROCESS_WITHOUT_WARNING and MAX_TIME_TO_SUMMARIZE_FILE_TRANSFER_WITHOUT_WARNING, whose defaults are both 2000 (milliseconds), govern when those warnings would be logged. 18. IT25792/R572446 (2018-07-25) Description of issue: Sometimes java console users get error XQE-PLN-0148 when attempting to run a report and web console users get error DPR-ERR-2058 when going to the workspaces. Description of fix: ICC roles are only being added to Cognos accounts when the Cognos Authentication Module search method when it needs to be called with the first authentication to ensure its in place at the time needed. Added the loading of ICC users and roles to Cognos accounts at the time ICC connects to Cognos for the first time. 19. IT25676/R572148 (2018-07-27) Description of issue: Logic handling Server Component cluster events looks for the Server value in the event and throws an exception when it is not there. Also seeing ORA-02395 errors. Description of fix: Turns out the logic creating the Server Component cluster events used a string for server that actually gets translated when ICC runs in other countries, so it was changed to use a fixed constant of "ServerID" so this problem would not occur. For ORA-02395 errors, a new engine property, DO_NOT_CALCULATE_ROW_COUNTS, when specified with a value of TRUE, will tell ICC to not count the rows in its tables at startup and when the daily purge operation is done. 20. R571681 (2018-07-27) Description if issue: Handle new CDU initparm for file.ioexit. Description of fix: Added logic to support file.ioexit. 21. IT25868/R572233 (2018-07-17) Description of issue: Required IBM JRE upgrade to address CVE-2018-2783 in the April 2018 Java CPU. Original IBM Java APAR article: https://www-01.ibm.com/support/docview.wss?uid=swg1IJ06343 Description of fix: Upgraded from 8.0.5.10 to 8.0.5.17. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.1.0 iFix03 (Released 05/22/2018) 1. IT24844/R567618 (2018-04-25) Description of issue: When executing configCC.sh on a Linux RedHat 6 system, the error messages displaying the required Cognos libraries erroneously displayed the following RedHat 7 libraries: glibc-2.17-55.el7 (both i686 and x86_64 packages) libstdc++-4.8.2-16.el7 (both i686 and x86_64 packages) nspr-4.10.2-4.el7 (both i686 and x86_64 packages) nss-3.15.4-6.el7 (both i686 and x86_64 packages) motif-2.3.4-7.el7 (both i686 and x86_64 packages) Description of fix: Corrected the error messages to display the following RedHat 6 libraries: glibc-2.12-1.166.el6_7.1 (both i686 and x86_64 packages) libstdc++-4.4.7-16.el6 (both i386 and x86_64 packages) nspr-4.9.2-1.el6 (both i386 and x86_64 packages) nss-3.14.0.0-12.el6 (both i386 and x86_64 packages) openmotif-2.3.3-5.el6_3 (both i386 and x86_64 packages) 2. T24806/R565294 (2018-04-28) Description of issue: B2B node status and adapter status changes are only updated in Swing connected to the EP monitoring B2B. Description of fix: Updated logic to handle update events related to server components initiated by another EP for all Swing consoles regardless of the EP they're connected to. 3. R567012 / IT24932 (2018-05-02) Description of issue: Sometimes the Control Center engine cannot connect to Cognos even when Cognos is up due to installationInfo error because CONFIG_DIR has not been set. Description of fix: If Cognos saves a credential or a trusted credential, and when Cognos is started that credential is used instead of the values from the URL, then CONFIG_DIR is not set since its not saved in the Cognos credentials. This fix saves the CONFIG_DIR in the Cognos credentials. 4. IT25081/R568293 (2018-05-05) Description if issue: The jar signing certificate used by Control Center are set to expire on June 21, 2018. Control will stop functioning on this date. You must upgrade to 6.1.1.0 iFix03 or later in order to correct this. Description of fix: Replaced the certificate used for signing the jar files with a multi-year expiration date. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.1.0 iFix02 (Released 04/16/2018) 1. IT24101/R562331 (2018-02-19) Description of issue: Issues using tag mapping when trying to map the process data value Description of fix: The logic did not attempt to copy the processData element from the event when setting the EVENTS.TAG_XML column, which meant the mapped value for it was not there when the summarizer logic ran. 2. IT24100/R562520 (2018-02-19) Description of issue: Events passed to the DefaultSummarizer summarize method were missing values for message ID, message short text, and CC name Description of fix: Updated the SQL used to select data from EVENTS, which is subsequently used to create the event data passed to the summarizer method, to retrieve MSG_ID, SHORT_MSG, and CC_NAME. 3. IT23965/R556985 (2018/02/28) Description of Issue: The SFG Route Detail by Producer report is very slow when there are a large number of row in the EVENTS table. For some customers, its taking 4 hours to run the report. Description of Fix: Modified the query used to get the SFG Route Detail by Producer report data for better performance. Performance should go from hours to minutes. Created a new V_SFG_ROUTE_PRODUCER_REPORT view with just the columns needed for the report. Updated scripts to create the new View when ICC is installed or upgraded. Updated ReportService.xml to add new reportRecordReadLimit parameter with a default of 100000. Modified the java console report sort panel to specify "Max Database Records to Read" instead of "Max Records Returned" for the SFG Route Detail by Producer report. Modified the SFG Route Detail by Producer report filter code to account for missing data. Removed the filter for Consumer / Consumer File Name / Status from the SQL and let the filtering be done by code. Changed the status filter to be a drop down list with Routed and Failed as the two Process Status choices. New ReportService.xml parameter: reportRecordReadLimit=100000 Description: Determines the maximum value that can be set on the java console SFG Route Detail by Producer report Sort panel, "Max Database Records to Read" field. Determines the maximum number of records read from the database when generating the report. For example, if ReportService.xml has reportRecordReadLimit=400000, and the SFG Route Detail by Producer report Sort panel has "Max Database Records to Read"=200000, then when the SFG Route Detail by Producer report is run, it will read 200,000 records from V_SFG_ROUTE_PRODUCER_REPORT to generate the report. And since the SFG Route Detail by Producer report usually creates one report row per multiple records read, the resulting report will have less than 200,000 rows. If the report does not have as many rows of data as you want to see, increase "Max Database Records to Read" (to a max of 400000) on the sort panel until you get the desired number of rows. 4. IT24259/R562910 (2018-03-02) Description of issue: The web console does not reflect the correct number of adapters for a B2Bi cluster in the Web console dashboard after one of the nodes is stopped. Description of fix: Addressed a logic problem that caused the database to not be updated appropriately when the number of adapters changed. 5. IT24261/R563562 (2018-03-05) Description of issue: When CCenterHttpsParms.properties file is also copied on the Desktop it overrides what is in the \users\ folder but updates aren't saved there Description of fix: Whereever CCenterHttpsParms.properties file is, when updates are made, they will be saved to the original location of the properties file now 6. IT24298/R561033 (2018-03-06) Description of issue: The Remote node for Connect:Direct processes is not able to be seen, or filtered on, in the Web console queued process view as it was in the Java console Description of fix: The ability to customize the Web console's queued process view was added like it currently exists for the Completed process and file transfer views, and a Filter button was added to the Queued process view also like the one that exists in the Complete process and other views. 7. IT24187/R562809 (2018-02-23) Description of Issue: Server is being pauses when a batch update fails with a SQL Exception when the database is temporarily unavailable. Description of Fix: The recovery logic is checking the batch level SQL error codes / SQL state against DatabaseProperties.xml to see if a retry is needed when it needs to check the underlying record level SQL exception. Modified the recovery logic to check the error codes / SQL states of the record level exception instead of the batch level exception. Also added additional logging to show the error codes / SQL state of the exception that causes the batch not to retry to help with debugging. 8. IT24187/R564687 (2018-03-16) Description of issue: A monitored SI server was paused by the application during a short DB maintenance outage and server monitoring had to be manually resumed. Description of fix: Added DB2 error state 40506 and error code -1476 values to /conf/services/system/DatabaseProperties.xml. Including these values in the file will cause the server to NOT be paused when the DB2 data base is temporarily unavailable. This a follow-on to fix R562809 (Server getting paused when database maintenance performed), which made changes to expose the above mentioned error codes from within a generalized SQL batch update failure/code. 9. IT24428/R510512 (2018-03-20) Description of issue: The descriptions on the API Get Completed File List are wrong for how to enter date format and time format Description of fix: Description and help text for time format was updated. Turns out the date format documentation is correct. 10. IT24455/R565261 (2018-03-22) Description of issue: Control Center failed to start because two monitored servers with the same name existed in the database. Description of fix: If two users connected to different EPs created monitored servers with the same name at the same time it was possible to create two entries in the CC_SERVER table with the same name. An additional check was added to the console logic to prevent this from occurring. 11. IT24457/R565273 (2018-03-22) Description of issue: Server-type column settings for Completed Processes view are not being applied when viewing processes in a server-specific group. Description of fix: Addressed logic issue by passing types of servers in the group, instead of null, to the table display view logic. 12. IT24454/R565267 (2018-03-22) Description of issue: When running Alerts report, handled time and comment date are in UTC instead of preferred time Description of fix: Updated the Cognos configuration file for the report to convert the handled time and comment date to the user's preferred time zone. 13. IT24491/R564697 (2018-03-22) Description of issue: Changing the cert label to be used for a secure plus node required entering the cert reporisitory pass phrase which is not required for z/OS keyrings. Description of fix: Only require the pass phrase when specifying a new key database file for z/OS. 14. IT24549/R565301 (2018-03-27) Description of issue: RESTful API for roles (sccwebclient/svc/roles/) not returning correct information Description of fix: Updated the logic that ascertains the roles a user should be able to view based on thier role, and those are the roles the API will now return. 15. IT24576/R561198 (2018-03-29) Description of issue: ICC Secure+ Trusted Certificates Report does not honor updates to server groups unless the engine is restarted and sometimes hangs when submitted by the GUI console. Description of fix: Changed the code to get the server group list of servers from the engine server group manager cache instead of the old proxy cache that is not kept up to date. Changed the engine code to get the trusted certificates from the configuration cache instead of submitting a CD refresh job which could fail and hang the report. 16. IT24595/R561809 (2018-04-03) Description of issue: Unable to import renewed Secure+ certificate. Description of fix: Update code to pass required import mode to target CD. 17. IT24671/R561114 (2018-04-10) Description of Issue: Cognos user shown in Cognos Connection and Cognos Viewer panels show the first ICC user with superuser role instead of the web console or java console user. Description of Fix: When validating user on Cognos URLs, send a rest request to the ICC Engine to properly validate the user. Note: When a user has been authenticated to Cognos, Cognos creates a cam_passport cookie for that user. Cognos only allows a Cognos name space to be authenticated to once per browser session. So, even with this fix, if you sign on to the web console and go to the Group or Personal workspace, that user is authenticated to Cognos and saved into the cam_passport cookie. If you then open another window in the same browser and sign on to the web console with a different ICC user and go to the Group or Personal workspace, Cognos will not authenticate the new user but use the already authenticated from the first browser window. Once the browser session ends and the cam_passport cookie is deleted, the next workspace URL will cause that user to be authenticated. This is also true for the user shown on the Cognos Connection panel. This is a normal feature of browsers, keeping authenticated users in cookies so the user does not have to be re-authenticated until the session expires. 18. IT24686/R565758 (2018-04-19) Description of issue: When clicking on a Sterling File Gateway process in the Web console Completed process view, an error message that says "A system error has occurred. Please contact your system administrator." is displayed. Description of fix: The issue was caused by a message key word whose prefix contained an invalid XML character - "Params/". The fix was to eliminate "Params/" prefix from the keyword name. 19. IT24569/R565795 (2018-04-03) Description of issue: Required upgrade to Java 8.0.5.10 to resolve Jan 2018 quarterly Java security issues. Description of fix: Upgraded to Java 8.0.5.10. -------------------------------------------- List of Fixes (or Enhancements) included in Control Center 6.1.1.0 iFix01 (Released 02/14/2018) 1. IT23241/R556186 (2017-12-13) Description of issue: Even when the Engine.log4j rootlogger is set to ERROR, INFO level messages are written to the logs by node services. Description of fix: Node service logic would log data at DEBUG level when tracing was enabled, or at INFO level when tracing was disabled. Fixed Node service logic to log at level set for rootlogger when tracing disabled. 2. R557669 (2017-12-13) Description of issue: The datacollector did not include the files in the Cognos/wlp/usr/servers/cognosserver/logs folder in its output. Description of fix: Updated the datacollector logic to include the files in the Cognos/wlp/usr/servers/cognosserver/logs folder in its output. 3. RTC 556229 (2017-12-02) Description of issue: FTP W3C logs can cause a NumberFormatException if cs_bytes and sc_bytes have a dash. Description of fix: Allow W3C logs to have a dash in cs_bytes and sc_bytes. 4. IT23437/R557585 (2017-12-12) Description of Issue: Get Active Alerts and Get Active Alerts by Severity API's don't return alert id so user can't use it to call Handle Alert API. Description of Fix: Add alert id to the Get Active Alerts and Get Active Alerts by Severity API results. 5. IT23471 / R554775 (2017-12-13) Description of Issue: Cognos scheduled reports do not always run due to authentication errors when ICC tokens expire. Description of Fix: Modified Cognos authentication to use encoded password for authentication instead of ICC token which are deleted after authentication. 6. IT23328/R556467 (2017-12-20) Description of issue: Connection error when trying to make HTTPS requests to the Control Center API tool using the Interactive Console (via launch page), the following error results: Error in interactive console display: "Remote host closed connection during handshake". Error in Websphere/Liberty message log: E CWWKO0801E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported. This error only occurs when restricting the web server to use TLSv1.2 (i.e. engine.properties contains TLSv1.2). Description of fix: During engine startup, ensure the WLP jvm.options file (located in /web/wlp/usr/servers/defaultServer/jvm.options) contains the following property: -Dcom.ibm.jsse2.overrideDefaultTLS =true. When the value is set to true, it has the effect to allow/use TLSv1.2. 7. R556861 (2017-12-28) Description of issue: Failed HTTP REST call from Cognos Authentication Provider to ICC Web Service does not show HTTP response code. And commons-codec-1.9.jar is not being copied to Cognos AAA/lib. Description of fix: Add logging to SCCVisa to display the HTTP REST response code when debugging is enabled. Changed installer to copy commons-codec-1.9.jar to Cognos AAA/lib. 8. R555829 (2017-11-14) Description of issue: Updating users and roles is slow. Description of fix: A small inefficiency was removed from one part of the logic used to update and create roles. 9. R555828 (2017-11-14) Description of issue: CCAPI based application was able to construct a user object that referenced a role that was not in the database causing Control Center to not be able to be successfully restarted. Description of fix: The user creation logic will now throw an exception, instead of proceeding, when the role it references is not found in the Control Center database. 10. IT23618/R558893 (2018-01-09) Description of issue: The following obsolete Cognos jar/script files caused multiple vulnerabilities to be flagged during a scan. /Cognos/webapps/p2pd/WEB-INF/lib/commons-fileupload-1.3.jar /Cognos/webapps/p2pd/WEB-INF/lib/shiro-core-1.2.1.jar /Cognos/webapps/p2pd/WEB-INF/lib/jython/Lib/tzparse.py Description of fix: Updated the Control Center installer to remove these files during install/upgrade, to ensure there are no future false positive hits against these files 11.IT23612/R558657 (2018-01-04) Description of Issue: When ulimit is not set properly, Cognos BIBusTKServer process runs out of thread resources, leaving potentially thousands of pids, if Cognos is left up for weeks and the ulimit issue is not corrected. Then when Cognos is stopped, ICC tries to kill all those pids as listed in the cogserver.log, resulting in long delays. Description of Fix: When ICC detects that cogserver.log has more than the typical number of pids, issue a warning messages that Cognos has installation issues and don't try to kill all the pids. When this issue is hit after this fix has been applied, the Engine log will show these two new messages: WARN CognosStopper - Not running the Cognos stopper script to kill PIDs since there are more PIDs than normal. WARN CognosStopper - Check your Cognos cogserver log and your ICC CognosReportService log for installation errors that should be resolved. 12. IT23603/R559220 (2018-01-04) Description of Issue: Cognos takes too long to start when there are lots (100s or 1000s) of ICC roles defined. Description of Fix: Rewrite the logic that maps ICC roles to Cognos roles to reduce the number of Cognos queries needed from several thousand to a dozen. And remove the updating of workspace permission on workspace folders if the folders already exist. 13. IT23628/R558939 (2018-01-06) Description of Issue: Getting IllegalArgumentException for DAY_OF_WEEK when trying to open any SLC Schedule or Rule using the web console. Caused by having monthly calendars defined that are set for the last day of the month or the last weekday of the month. Description of Fix: Modified the web console calendar summary logic to recognize when DAY_OF_WEEK setting is for the last day of the month or the last weekday of the month. 14. IT23638/R557097 (2018-01-05) Description of issue: The following obsolete Cognos script file caused multiple vulnerabilities to be flagged during a scan. /Cognos/webapps/p2pd/WEB-INF/lib/jython/Lib/stat.py Description of fix: Updated the Control Center installer to remove this file during install/upgrade, to ensure there are no future false positive hits against this file. 15. IT23618/R558893 (2018-01-09) Description of issue: The following obsolete Cognos jar/script files caused multiple vulnerabilities to be flagged during a scan. /Cognos/webapps/p2pd/WEB-INF/lib/commons-fileupload-1.3.jar /Cognos/webapps/p2pd/WEB-INF/lib/shiro-core-1.2.1.jar /Cognos/webapps/p2pd/WEB-INF/lib/jython/Lib/tzparse.py Description of fix: Updated the Control Center installer to remove these files during install/upgrade, to ensure there are no future false positive hits against these files 16. IT23672/R557556 (2018-01-09) Description of issue: Some criteria was missing in the rule filter selection drop down menu for BP (Business Process) and AFT (Advanced File Transfer) events. Description of fix: Added the missing property attributes to cause all BP and AFT event criteria to be presented in the rule filter selection drop down menu. 17. R559666 (2018-01-16) Description of issue: When viewing alert details, the related events shown may be for the wrong process when multiple processes have the same ID. Description of fix: Updated the query used to find the correct process events to use more than just the process ID. 18. IT23749/R557171 (2018-01-16) Description of issue: Updates made via a console connected to one EP to an Action's email details are not propagated to other EPs in the same cluster. Description of fix: When Action's email details are updated, a cluster event is now generated, and looked for by all EPs and appropriate updates are now performed. 19. IT23757/R559844 (2018-02-03) Description of issue: The following obsolete Cognos script files and a cdbrowser jar file caused multiple vulnerabilities to be flagged during a scan. /Cognos/webapps/p2pd/WEB-INF/lib/jython/Lib/commands.py /Cognos/webapps/p2pd/WEB-INF/lib/jython/Lib/imghdr.py /Cognos/webapps/p2pd/WEB-INF/lib/jython/Lib/this.py /Cognos/webapps/p2pd/WEB-INF/lib/jython/Lib/xml/dom/NodeFilter.py /web/wlp/usr/shared/apps/cdbrowser/cdbrowser.war/WEB-INF/lib/jasper-runtime-5.5.15.jar Description of fix: Updated the Control Center installer to remove these files during install/upgrade, to ensure there are no future false positive hits against this file. 20. R560640 (2018-01-24) Description of issue: Seeing ERROR OSCommand - cannot run program "winmsd" at EP startup in engine log when EP starts. Description of fix: Added one more OS type to the list of systems winmsd is not run on. 21. R560630 (2018-01-24) Description of issue: See empty error message when attempting to logon via Swing console. Description of fix: Updated the jar used for JAAS when running the console with the IBM JRE on Windows 10. 22. IT23835/R559392 (2018-01-25) Description of issue: Error occurred migrating installation from Windows Server 2008 to Windows Server 2012 R2. Description of fix: Fixed logic to allow migration from any Windows Server OS to another Windows Server OS. 23. IT23818/R558900 (2018-01-25) Description of issue: A MSSQL database was erroneously globalized when a new instance 2 of Control Center was installed using an exported conf from instance 1 -and- with a new/clean database. When instance 1 was originally installed, the user selected NO to the prompt: "Do you want your database to support globalization? If you select yes, your database size can increase significantly." The database in the original instance 1 was correctly NOT globalized. However, during the original installation, the following property was erroneously set in /conf/InstallationInfo.properties: CCENTER_MSSQL_GLOBAL=true (it should have been set to false). This is what caused the database in instance 2 to be erroneously globalized. Note: The globalization in instance 2 only occurred in this particular scenario (i.e. using an exported conf with a clean new database) during the install. Description of fix: Corrected the configuration logic to ensure the proper value is set in InstallationInfo.properties (true|false), per the user answer (yes|no). 24. IT23750/R559520 (2018-01-27) Description of Issue: Users are able to use Cognos Report via the java and web console before Cognos is fully ready because it's status is set to STARTED too soon. Description of Fix: Changed the code to only set Cognos status to STARTED after all configuration of Cognos is complete. 25. IT23913/R561229 (2018-02-06) Description of issue: When running the Monthly File Transfer Activity Report multiple rows for the same server were shown for each month. Description of fix: It was ascertained that there would be multiple rows for a single server in the report if it happened to have been assigned to more than one EP while monitored transfers transpired. The SQL used to build the report data was modified to address this feature so only one row per server would be produced. 26. IT23937/R559843 (2018-02-07) Description of issue: ICC takes a long time to connect to Cognos when there are lots of ICC Roles/Users defined. Also, reports with large number of rows could cause java heap OutOfMemory errors. Description of fix: When ICC queries Cognos for roles, its the Cognos authentication provider that gets the roles and it was not coded to honor the paging of roles. Paging was added to the authentication provider search method. Also, removed unnecessary calls to Cognos to get report output since it was not needed and was causing OOM errors. 27. IT23999/R561606 (2018-02-09) Description of Issue: The Data Collector and the configuration exporter is not exporting the correct version of JDBCService.xml. And the SQL retry logic for engine restart is comparing SQL state against DatabaseProperties.xml needRestart errorCodes value instead of needRestart errorStates. Description of Fix: Modified the exporter to export JDBCService.xml from conf instead of from CC_FILES. Changed the SQL retry logic to compare SQL state against DatabaseProperties.xml needRestart errorStates instead of against needRestart errorCodes. 28. IT24122/R561380 (2018-02-06) Description of fix: The truststore/keystore password, was sometimes displayed in the clear in the server properties panel for SI servers. Description of issue: Modified the logic to always mask the store password(s) in the display. --------------------------------------------