Please Read: Before starting the Control Center upgrade/uninstall process, you must backup the entire "conf" directory found under Control Center install location. Please follow the steps below before upgrading: The following instructions apply to maintenance upgrades. 1. Stop Control Center engine If you are upgrading from a pre-6.1.2.1 release to 6.1.3.0 (i.e. upgrading FROM 5.4.2.2 through 6.1.2.0 TO 6.1.3.0), the initial upgrade to 6.1.3.0 cannot be a rolling upgrade. You must bring down all EPs and upgrade each EP to 6.1.3.0 before starting any of the EPs again. All EPs must be in sync for the initial upgrade to 6.1.3.0, before being started. After the initial upgrade to 6.1.3.0, you may resume with rolling upgrades (eg. 6.1.3.0 to 6.1.3.0 iFix01), where one EP is brought down at a time, upgraded, then restarted. 2. Back up the existing configuration data: If upgrading from 5.4.2.2 or prior, back up \conf directory found under Control Center install location. Backup your Control Center database. If upgrading from 6.0.0.0 or later, run exportConfig.sh/bat under \bin. The script creates a folder with all of the configuration data from the database and the conf folder. The location of this folder is conf-exported/{date_time}/conf. As per your need, for recovery purpopse, backup your existing Control Center database. 3. Proceed normally with installing the latest version of Control Center in original . (The installer would automatically un-install the previous version - but all of the configuration data will still be there). 4. On Unix, Linux platforms, run configCC.sh -------------------------------------------- 6.1.3.0 iFix03 (Released 09/21/2020) 1. IT33567/MFT-11256/TS003891769 (2020-07-15) Description of issue: WLP (Websphere Liberty) encoded passwords (i.e. keystore/truststore/database) are written to the engine.log These encoded passwords should be masked. Description of fix: Changed the log display to mask the password. Before and After examples follow: Before fix: [StreamConsumerThread - ] INFO StreamConsumer - OUT-->{xor}Lz4sLCgwLTs= After fix: [StreamConsumerThread - ] INFO StreamConsumer - OUT-->{xor}************ 2. IT33545/MFT-11276/TS003927367 (2020-07-20) Description of issue: Problems upgrading to Control Center 6.1.3.0. Not recognizing EP already in CC_SERVER and adding new one and then ICC does not start. Description of fix: Logic that handles ensuring EP in CC_SERVER correctly refactored. 3. IT33623/MFT-11277/TS003911941 (2020-07-21) Description of issue: Null Pointer Exception occurring during refresh of Connect:Direct File Agent data in CC_SERVER_COMPONENT table. Description of fix: Fixed logic that didn't handle Connect:Direct servers that did not have file agents associated with them so the null pointer exception would no longer occur. 4. LS-21 (2020-07-22) Description of issue: It was determined in some cases that Control Center was listening on IPv6 addresses. This causes various problems. Currently, only IPv4 adddresses are supported in Control Center. Description of fix: Set a system property during application startup to ensure Control Center listens on IPv4 addresses (i.e. -Djava.net.preferIPv4Stack=true). 5. IT33623/MFT-11277/TS003911941 2020-07-28) Description of issue: When EPs are all restarted, some monitored servers are still temporarily reassigned. Description of fix: Added start up logic for the CEP to undo any temporary server reassignments. 6. IT34299/MFT-11272 (2020-07-29) Description of issue: Required commons-codec upgrade to address Apache Commons disclosure 177835 (CVSS 7.5). Description of fix: Upgraded to commons-code-1.14. 7. IT33623/MFT-11277/TS003911941 (2020-07-31) Description of issue: Exceptions occurring, and logged, by NodeServiceTableAdapter when updating servers - NodeServiceTableAdapter - Queue full. Description of fix: Changed logic to wait when the queue of servers to be updated is full. Note queue size can be increased via the Engine property UPDATE_SERVER_BUFFER_SIZE, which defaults to 500. 8. CC-3597 (2020-08-06) Description of issue: Unable to specify a port value less than 1024 when adding a B2Bi server to be monitored. Description of fix: Changed the validation logic to allow a port number as low as 1. 9. IT34300/MFT-11333 (2020-08-08) Description of issue: Required IBM JRE upgrade to address CVE-2020-14578 (CVSS 3.7) and CVE-2020-14579 (CVSS 3.7)in the Q3 2020 Java CPU. Description of fix: Upgraded from 8.0.6.10 to 8.0.6.15. 10. IT33876/MFT-11319/TS004013600(2020-08-12) Description of issue: Export of audit log to pdf fails with "java.lang.String cannot cast to java.lang.Boolean" (in classic console: Tools >> Audit Log >> Export List to PDF). Description of fix: Added code to catch the exception, allowing the export to complete. 11. CC-3598/MFT-11373/TS004107066 (2020-08-27) Description of issue: Engine in stuck state. Servers are up but last check-in time and logs are not updating. A deadlock occurred during synchronized access to the queues used to handle servers and server components to be updated. One thread can't put more data on the queue because it is full, while the other cannot pull anything out because the other thread that's waiting to put data on it, has the lock. Description of fix: Modifed the logic to avoid the deadlock. 12. IT34057/MFT-11382/TS004094974 (2020-08-31) Description of issue: Automated and scheduled reports do not run after upgrade to 6130. The following error message is written to the engine.log: "dd yyyy hh:mm:ss,nnn nnnnnnnnn [DefaultQuartzScheduler_Worker-10] WARN CCObject - File /rep.xml must be available and writable. Error message is: /rep.xml (Read-only file system)." Where: = home directory of the user who executed runEngine.bat|sh. Control Center writes temp file rep.xml to user.home when automated/scheduled reports are run. In this particular case, the customer had a requirement that the user's home directory (user.home) be read-only. Description of fix: Created a new optional property in /conf/InstallationInfo.properties to change user.home to a different (writeable) location: CCENTER_USER_HOME=. Example: CCENTER_USER_HOME=/data/control-center/user-home 13. IT34077/MFT-11373/TS004107066 (2020-09-01) Description of issue: EP stops monitoring monitored servers. Occurred when database I/O to EVENTS table was slow and events being broadcast for that fact. Description of fix: Do not broadcast a warning about EVENTS table updates or inserts taking too long if broadcasting an event that updates or inserts are taking too long. 14. IT34208/MFT-11397/TS004137199(2020-09-14) Description of issue: Change error messages in log files about column limits to warnings or info as appropriate. Description of fix: Changed selected error messages to warn or info. 15. IT34211/MFT-11400/TS004078386 (2020-09-15) Description of issue: Running congifCC loses Cognos TLSv1.2 setting (i.e. TLSv1.1 entry is re-populated into /Cognos/configuration/cogstartup.xml after each configCC from cogstartup_SCC_Template.tmp) Description of fix: Added logic during engine/Cognos startup to check if WEBSERVER_SECURE_PROTOCOL=TLSv1.2 (engine.properties). If so, remove the TLSv1.1 entry from cogstartup.xml. 16. MFT-11413 (2020-09-16) Description of issue: After updating Blacklist in SSP, the Audit Report displays wrong values. The following issues were observed: a. The Configuration object seems to show a tag instead of user-friendly object name. b. Audit events display in report when adding/removing from the blacklists, but not when changing the order of the objects. For example, user id blacklist is user1,user2 and I change it to user2,user1. I see nothing in the SSP Config Change report. Description of fix: Corrected logic to use friendly a user-friendly object name and properly display before/after values. 17. MFT-11414 (2020-09-16) Description of issue: Server that was in ready status did not show Shunned when bad id/pw used. Description of fix: Corrected logic to update the databse with the server staus of "Shunned". -------------------------------------------- 6.1.3.0 iFix02 (Released 07/08/2020) 1. IT32651/MFT-11059/TS003396613 (2020-4-29) Description of issue: Reoccuring "ORA-01000: maximum open cursors exceeded" errors and/or seeing high database cursor usage by ICC. Description of fix: Reduced cursor usage by changing two queries to no longer be cached. Also slightly altered the logic that logs when SQL exceptions occur to better log the SQL command value. 2. IT32611/MFT-11055/TS003575866 (2020-4-29) Description of issue: When ICC is far behind in monitoring SFG servers, perhaps because monitoring was paused, or ICC was down for an extended amount of time, it struggles to ever catch up. Description of fix: Made some small logic changes to address an inefficiency in queries initiated to retrieve "missing" arrived file route and delivery data. Altered the default engine property values for FG_RETRY_INTERVAL and FG_MAX_RETRIES. These properties control how often, and how frequently, ICC will request missing route and delivery data from SFG. Default for FG_RETRY_INTERVAL is now 2000. (A number of milliseconds.) Its default was 10000. Also, before, if the value specified was less than 60, ICC would instead use a much larger value. That's no longer the case. Default for FG_MAX_RETRIES is now 2. It was 10. Also, before the changes for this issue, even if FG_MAX_RETRIES were to be set to 0, ICC would have retried once anyway. That's no longer the case. Also, one new engine property was added - MAX_B2B_EVENT_AGE_IN_MINUTES_TO_LOOK_BACK_IN_DB_FOR. It's default is 64800, which equates to 45 days. This engine property tells ICC to not try to attempt to retrieve any missing arrived file route or delivery data for events that are older than the value specified, which would be 45 days if the default is not overridden. Finally, a small change was made to do a better job of logging SQL exceptions when they occur. 3. MFT-11093/TS003646841 (2020-4-29) Description of issue: When ICC is shutdown errors may fill up all log files from services that don't notice a shutdown is in progress. Description of fix: Logic added to ControllerMonitor, EventProcessorMonitor, ProcessSummaryService, ProcessSummaryWorker, ClusterEventMonitor, EnvironmentMonitor, and EventMonitor to watch for when ICC is shutting down and they now terminate their looping when that occurs. 4. IT32677/MFT-11085/TS003602851 (2020-4-29) Description of issue: When SSP adapters are assigned to multiple SSP engines ICC has problems handling their status. Description of fix: ICC logic updated to handle the situation where one SSP adapter may be assigned to more than one SSP engine. 5. IT32676/MFT-11047/TS003572480 (2020-4-29) Description of issue: Rules created or updated by the Swing console that have return code as a criteria process return code values as strings instead of as numeric values. Description of fix: Changed the Swing console logic that generates the rule match string to treat return code values as numerics instead of strings. Note treating return codes as strings in rules created or updated by the Swing console has occurred for > 10 years. Also, rules created or updated by the web console treat return code values as numerics. In case the original logic in the Swing console is still desired, an engine property was added, HANDLE_RULE_RETURNCODE_THE_ORIGINAL_WAY, whose default is false, and it may be set to true to get the original, albeit errant, behavior. 6. IT32909/MFT-11105/TS003635144 (2020-05-04) Description of issue: Customer ran configCC.sh specifying Oracle JDBC driver ojdbc8.jar after previously having configured using ojdbc7.jar. The following error resulted because both jars were now in the classpath: com.sterlingcommerce.scc.common.SCCException: CJDB014E Cannot create a new connection for URL jdbc:oracle:thin:[host:port:service]. Description of fix: Updated an internal list of database drivers to be excluded from the classpath to ensure only the current specified driver is added. 7. IT32808/MFT-11119/TS003623151 (2020-05-12) Description of issue: Changes introduced in 6130 caused CCTR034E and COSA028E events to not be generated for OSA type servers like SEAS and Global Mailbox, nor to set the status to 'Unknown' for server components associated with the OSA server deemed to be down. Description of fix: This ommission was corrected, so the code should behave as it did now in this area. 8. IT32851/MFT-11127/TS003606190 (2020-05-13) Description of issue: When starting Control Center, runEngine.sh does not return to the bash prompt (i.e. user must hit ENTER). Description of fix: Modified runEngine.sh/runEngineCold.sh so that control is returned to the bash prompt without any user interaction. 9. IT32884/MFT-11131/TS003675945 (2020-05-15) Description of issue: Under certain conditions when the CEP starts, any of its monitored servers temporarliy rassigned to other EPs will remain temporarliy reassigned and must be first manually reasigned to the server they're temporarily assigned to and then reassigned back to the CEP to put things back as they should be. Description of fix: At start up, the CEP will reassign all of its monitored servers temporarily reassigned to other EPs back to itself. 10. IT32912/MFT-11140/TS003699052 (2020-05-19) Description of issue: Attempting to use read Action and creating Action through REST APIs gets error com.ibm.tenx.ws.WebServiceException: Method not allowed. Description of fix: Those APIs had simply not been enabled, so now they and others that should have been are. 11. IT32996/MFT-11135/TS003646841 (2020-05-28) Description of issue: Dates displayed in Web console Recent transfer activity widget are incorrect for some time zones. Description of fix: When console user's preferred time zones are not whole hour offsets from UTC, they are rounded to the closest time zone that is a whole hour offset from UTC and this caused problems for the logic that displayed dates on the chart, which has now been corrected. 12. IT33033/MFT-11185/TS003699727 (2020-06-11) Description of issue: Process summary service logic repeatedly logging error messages when process ending type events handled that contained no process name. Description of fix: ICC process summarization logic was repeatedly receiving process interrupted events from monitored Connect:Direct servers that contained no process name and a process ID/number of 0, and when it did, it would log an error due to the lack of process name. The logic was updated to not log an error in this situation if the process ID was also zero since zero is an invalid process ID, which means these events could be safely ignored by the summarization logic. Logic also changed to not log an info message that started with "notifyProcessEndedDbOper() found batch = 0 and stmt = null, so no executeBatch() was NOT performed for events". It was only supposed to be a debug message, and is now. 13. IT33048/MFT-11142/TS003700086 (2020-06-02) Description of issue: User-Roles summary report doesn't show correct last logon dates. Description of fix: The last logon date stored in the user profile was only updated by the Swing console logic at logon if it ascertained that the current user was not always logged on. This logic was changed to always update the last logon time regardless of the perceived current logon status. 14. IT33062/MFT-11191/TS003776379 (2020-06-03) Description of issue: Swing console displays SSP servers configured to be monitored via multiple MQ servers as a single MQ server with a comma separated list of hosts and ports. Description of fix: Addressed problems in the swing console related to updating and viewing properties for SSP servers' connection information. 15. IT33399/MFT-10981/MFT-11113 (2020-06-28) Description of issue: Required IBM JRE upgrade to address CVE-2020-2654 (CVSS 4.3) and CVE-2020-2781 (CVSS 5.3)in the Q2 2020 Java CPU. Description of fix: Upgraded from 8.0.6.5 to 8.0.6.10. 16. IT33400/MFT-11012/MFT-11013/MFT-11095 (2020-06-28) Description of issue: Required Websphere/Liberty upgrade to address multiple vulnerabilities: CVE-2019-17573 (CVSS 6.1), CVE-2020-4303/4304 (CVSS 6.1), CVE-2020-4329 (CVSS 3.0) Description of fix: Upgraded Websphere Liberty to 20.0.0.5 (from 20.0.0.2). -------------------------------------------- 6.1.3.0 iFix01 (Released 04/29/2020) 1. IT32628/MFT-10872 (03-12-2020) Description of issue: Required IBM JRE upgrade to address CVE-2019-4732 (CVSS 7.2) in the Q1 2020 Java CPU. Description of fix: Upgraded from 8.0.6.0 to 8.0.6.5. 2. IT32178/MFT-10927/TS003385016 (2020-03-13) Description of issue: Connect:Direct Browser in Control Center gets error: "There is an IO error: Return Code 712" for the following functions: User Functions tab: "Select Process" and "Select Statistics" and Admin Functions tab: "Network Map", "Functional Authority" and "Proxy". These functions write to a temporary file. The path name generated erroneously included a file name instead of a valid directory name after a web server upgrade. Description of fix: Modifed /web/wlp/usr/servers/defaultServer/server.xml by removing the .war suffix in the following cdbrowser application definition: BEFORE: location="${shared.app.dir}/cdbrowser.war" (generates invalid path name: /web/wlp/usr/shared/apps/cdbrowser.war/cdbrowser) AFTER: location="${shared.app.dir}/cdbrowser" (generates valid path name: /web/wlp/usr/shared/apps/cdbrowser/cdbrowser) 3. IT32149/MFT-10976/TS003366915 (2020-03-17) Description of issue: If sess.pnode.max is set to 0 in an Unix remote node entry, the advance panel values can not be updated. Description of fix: Set the proper valid value range for the default class parameter. 4. IT32094/MFT-10961/TS003332342 (2020-03-17) Description of issue: Cognos failed to start due to a weak cipher list in the Cognos configuration file /Cognos/configuration/cogstartup.xml, when attempting to regenerate it's cryptographic keys. Description of fix: Updated /Cognos/configuration/cogstartup_SCC_Template.tmp to include additional strong ciphers in element cognosCryptoCiphersuite. This template is used to create the Cognos configuration file when configCC.sh|bat is executed. 5. IT31899/MFT-10861/TS003289277 (2020-3-17) Description of issue: Customer requested some query changes, and new indices, to improve ICC performance. Description of fix: A new properties file was introduced - sql.properties. (It is modifiable via the Web console.) At the instruction of customer support, SQL may be added to sql.properties to override the SQL ICC uses (for certain queries). Over time the list of queries that may be specified will grow. For now just two queries may be overridden via sql.properties. Both of which are used by the ICC QueuedProcessesClearJob. ICC looks for the sql property values "getQueuedProcessCount" and "getQueuedProcesses" to get the SQL to use to override its existing SQL. Note that updates to sql.properties do NOT require ICC to be restarted for the changes to take effect. 6. IT32086/MFT-10597/TS002749779 (2020-3-17) Description of issue: Loading the first static page in a Cognos workspace and other things with Cognos are slow. Description of fix: Customer felt part of the slowness was due to the speed of the Cognos Java Authentication Provider (JAP) logic, so via a new system property, USE_CACHED_USERS_AND_ROLES_IN_JAP, users will be able to cause the JAP to run faster. The JAP will run faster when USE_CACHED_USERS_AND_ROLES_IN_JAP is set TRUE (it will be FALSE by default) because it will stop requesting the current list of ICC users and roles every time it is invoked and instead only retrieve the list once, at startup. The effect of this change will be that Cognos will not be aware of any modifications to the list of ICC users and roles after ICC starts, unless it is stopped and restarted. To set USE_CACHED_USERS_AND_ROLES_IN_JAP you must edit {ICC Installation folder}/Cognos/wlp/usr/servers/cognosserver/bootstrap.properties and add the following line to it: USE_CACHED_USERS_AND_ROLES_IN_JAP=TRUE 7. IT32085/MFT-10956/TS003437021 (2020-3-17) Description of issue: ICC will not start. While loading rules the error "Invalid value specified for 'tagName.nonResolutionActionId'." occurred. Description of fix: The message "CRUL090E Error while saving merged Rules." was changed to "CRUL090E Error while saving merged Rules during processing of Rule ID: {0}". This will allow ICC to note the name of the name of the problematic rule that caused ICC to not start in the message logged, which will simplify troubleshooting. 8. CCP-15676 (2020-3-23) Description of issue: Security vulnerabilities - BlackDuck Scan - Upgrade Apache Xerces2 J Description of fix: Replaced xercesImpl-2.11.0.jar with xercesImpl-2.12.SP02-redhat-00001.jar. 9. CCP-15903 (2020-3-23) Description of issue: Security vulnerabilities - BlackDuck - Upgrade to Quartz from 2.2.3 to 2.3.2 Description of fix: Replaced quartz-2.2.3.jar with quartz-2.3.2.jar. 10. MFT-10994 (2020-03-24) Description of issue: Required CDBrowser upgrade to address a few security issues (Updated jasper-runtime-5.5.23.jar from jasper-runtime-5.5.15.jar/Clickjacking Issue fixed/Removed struts 1 references from C:D Browser code/ Jasper-runtime upgrade). Description of fix: Upgraded to C:D Browser 1.5.0.2 iFix26 (from iFix22). 11. IT32629/MFT-10873/MFT-10893 (2020-03-31) Description of issue: Required Websphere/Liberty upgrade to address multiple vulnerabilities: CVE-2019-4720, CVE-2019-12406 Description of fix: Upgraded Websphere Liberty to 20.0.0.2 (from 19.0.0.12). 12. IT32379/MFT-10940/TS003404923 (2020-04-03) Description of issue: When a monitored Connect:Direct File Agent uses the loopback address (127.0.0.1) to communicate with its Connect:Direct server, ICC does not accept its traps. Description of fix: For ICC to accept traps from Connect:Direct File Agents, the trap c_submitNode value must match the address and port used by ICC to monitor its Connect:Direct server. A change was made so ICC will also accept the trap if the source address of the trap matches the address of a monitored Connect:Direct server. -------------------------------------------- ************************************************************************************************* All fix items listed ABOVE represent fixes made after 6.1.3.0 GA (i.e. 6.1.3.0 iFix01 and later). All fix items listed BELOW represent fixes included in 6.1.3.0 GA. ************************************************************************************************* -------------------------------------------- 6.1.3.0 (Released 03/20/2020) The following represent 6.1.2.1 iFixes included in 6.1.3.0 GA base release 6.1.2.1 iFix03 (Released 04/23/2020) 1. IT31524/MFT-10647/TS002847898 (2020-1-15) Description of issue: When using Internet Explorer browser, the ICC Recent File Transfer Activity widget on the dashboard shows the wrong dates. Description of fix: Internet Explorer does not support converting of a text string such as 2019-12-26T00:00:00.000-0600 to a date. So java script code in the 10x framework was attempting to form the date manually but did not take into account the timezone. The java script logic was changed to apply the timezone to correct the issue. 2. IT31543/MFT-10828/TS003193813 (2020-1-15) Description of issue: Adjacent node parallel session and default class parameters are not required for CD z/OS servers. Description of fix: Stop forcing an entry to be made for these parameters. 3. IT31635/MFT-10820/TS002901477 (2020-01-23) Description of issue: Completed file transfer view missing transfers Description of fix: Logic used to prevent file transfers in a process from being double counted was causing file transfers to not be counted at all. When processes end, they and the transfers they perform are summarized. Some processes may stop and/or be suspended before they complete, and when this occurs they'll be summarized. And when they're resumed, and they complete, again, they'll be summarized again. In this case the process, while technically not stopping and resuming, did include multiple connection shutdown events, which are treated as a process end. The logic that prevented transfers from being double counted was reworked to prevent transfers in processes that are summarized more than once to be counted once, and only once. 4. IT31540/MFT-10868/TS003288993 (2020-1-31) Description of issue: Excessive java logging displays trust and key store passwords. Description of fix: Set javalogging.properties level back to WARNING from FINEST. 5. MFT-10860 (2020-2-14) Description of issue: Excessive logging of errors when data collected from a monitored server precedes the earliest database partition. Description of fix: Changed logging from error to debug when this condition occurs. -------------------------------------------- 6.1.2.1 iFix02 (Released 01/15/2020) 1. IT30684/MFT-10633/TS002781942 (2019-11-01) - Spurious logging from summarizer when transfers falsely reported as having an excessive duration Description of issue: Internal logic was passing process events out of order to the summarizer because invalid millisecond values were stored in EVENTS.DATE_TIME, which caused it to get "confused" and pair step start and step end events for transfers incorrectly. Description of fix: Logic used to sort the process events was fixed. Instead of sorting by EVENTS.DATE_TIME and then EVENTS.SEQ_NUM, the logic now sorts on EVENTS.SERIAL_NUM when it can, which will always be right and more efficient. 2. IT30678/MFT-10633/TS002781942 (2019-11-01) - MSSQL HY008 (Operation cancelled) SQL errors occuring and monitored servers get paused Description of issue: Contention on ICC database tables is causing MSSQL to cancel one or more operations, which typically results in a monitored server being paused. Description of fix: HY008 was added to the list of recoverable errors in DatabaseProperties.xml and logic was added to check to see if a recoverable error occurred. So now, when an HY008 SQL error occurs with an MSSQL database, the SQL will be retried, and monitored servers will not be paused until the retry count has been exhausted. Also, the NOLOCK hint was added to the queries used by the EventMonitor logic when an MSSQL database is used to lessen contention on the ICC database and lower the chances of an HY008 SQL error occurring. 3. IT30699/MFT-10680/TS002855275 (2019-11-05) - Some configCC short cut options not working. Description of issue: Short cut options -jms and -email are not working properly. Description of fix: Correct short cut logic. Note that updating email info requires the cognos also be configured which will now happen if the email option is chosen. 4. IT30856/MFT-10478/TS002271409 (2019-11-05) - Cannot launch console after upgrade to 6.1.2 Description of issue: The classic console will sometimes fail to open from the Control Center launch page, due to an error caused by a ServiceLoader conflict during Websphere initialization. When this occurs, the only option is to stop and start the webserver (i.e. stopWebAppServer.sh|bat / startWebAppServer.sh|bat) -OR- stop and start Control Center. You can identify the error by looking for the following messages in /web/wlp/usr/server/defaultServer/log/messages.log. com.ibm.ws.session.WASSessionCore I SESN0176I: A new session context will be created for application key default_host/webstart com.ibm.ws.webcontainer E SRVE8059E: An unexpected exception occurred when trying to retrieve the session context java.util.ServiceConfigurationError: org.apache.logging.log4j.util.PropertySource: Provider org.apache.logging.log4j.util.EnvironmentPropertySource not a subtype at java.util.ServiceLoader.fail(ServiceLoader.java:250) at java.util.ServiceLoader.access$300(ServiceLoader.java:196) Description of fix: Modified engine startup logic and startWebAppServer.bat|sh scripts to cause a slight delay when loading the webstart application (sccwebstart.war). The default value is 10 seconds. This allows Websphere and the other applications to fully load/initialize and avoid the offending ServiceLoader conflict. The delay value can be changed as follows: -Engine startup: Specify the number of seconds in /conf/InstallationInfo.properties: WEBSTART_COPY_DELAY=n[n] (eg. WEBSTART_COPY_DELAY=15). -startWebAppServer.bat|sh: Specify the number of seconds as argument 1 (eg. ./startWebAppServer.sh 15). 5. IT30919/MFT-10693 (2019-11-07) Description of issue: Customer received a Cognos email notification due the mobile "Apple Push Notification" certificate nearing expiration. The following error/warn messages were also observerd in \Cognos\logs\mob.log: ERROR com.cognos.mobile.server.apns.APNSSocket - Mobile Apple Push Notification certificate has expired. Please visit http://www-01.ibm.com/support/docview.wss?uid=swg24034258 to download and install the latest certificate. WARN com.cognos.mobile.server.apns.APNSCertificateExpiredChecker - Your Apple Push Notification Certificate expired 39 days ago. This certificate expires yearly, but does not cause any functional / operational issue with the product, since the mobile feature is not used. Description of fix: Updated the installer with the latest Apple Push Notification certificate. There will be a subsequent Control Center fix to attempt to permanently disable the mobile feature within Cognos, as to avoid having to update the certificate annually. Please refer to the link in the above error message if you would like to update the certificate yourself in lieu of applying the fix package for this issue. 6. CCP-15677/CCP-15684 (2019-11-08) Description of issue: Security vulnerabilities (CVE-2017-17485 / CVE-2018-11307 / CVE-2017-7525 / CVE-2017-15095 / CVE-2018-14721 / CVE-2018-14720 / CVE-2018-14718 / CVE-2018-14719 / CVE-2018-19362 / CVE-2018-19360 / CVE-2018-19361 / CVE-2018-7489) found in jackson-databind-2.9.1.jar. Description of fix: Deleted jackson-databind-2.9.1.jar as it was determined that it was not used. 7. MFT-10407 (2019-11-12) Descripton of issue: The .console.out file (i.e. \bin\.console.out) is never rolled over when Control Center executes as a Windows started service, but works properly when the engine is started via runEngine.bat. Description of fix: Added logic to detect when the engine is starting as a Windows service and if so, call the ConsoleManager to manage the .console.out files. As part of this fix additional changes were made to allow a user to control the number of backup /bin/.console.out files (Windows) -and- /bin/nohup.out files (Linux/Unix) by setting a corresponding property in /conf/InstallationInfo.properties as follows (default is 5). Linux/Unix: NO_OF_BACKUPS_FOR_UNIX_STD_OUT_FILE=n[n] Windows: NO_OF_BACKUPS_FOR_WINDOW_STD_OUT_FILE=n[n] 8. CCP-15877/CCP-15822 (2019-11-18) Description of issue: Security XML External Entity (XXE) Vulnerability found ICC web console and java console XML updates. Description of fix: Modified ICC web console and java console to not allow DOCTYPE in XML definitions. 9. CCP-15844 (2019-11-20) Description of issue: The event count associated with summarized processes is wrong intermittently. The process summarization logic may summarize multiple processes at once and it always calculates the earliest start of all processes being summarized and uses that value when selecting events associated with the processes it is about to summarize. If there are events associated with a process to be summarized that precede the "start" event for a process, and also precede the earliest start for processes about to be summarized, then those events will not be accounted for in the total events. This problem typically just affects the summarized process detail view and does not affect the count of file transfers. Description of fix: Modified the logic that obtains the events associated with the process/processes to be summarized to select events used for summarization starting 10 seconds prior to the earliest start event for the processes to be summarized. 10. MFT-10738 (2019-11-20) Description of issue: Logging by the SLC service is done in the Jetty log file instead of the SLC log file. Description of fix: Updated EngineLogger.xml to specify the correct appender for SLC service logging. 11. IT31012/MFT-10719 (2019-11-20) Description of issue: When the servers in a server group referenced by a Workflow SLC milestone change, the SLC match logic for events is not updated. Description of fix: The Workflow SLC event matching logic was updated to handle updates to the contents of a server group referenced by one of its milestones. 12. MFT-10543 (2019-11-21) Description of issue: Erroneous warn/error messages (shown below) and exception stack trace occur in the Control Center CCClient log beginning in 6.1.2.0. The GUI Console comes up fine, otherwise. [Thread-nn]WARN ProcessGetterThread - Warning: Not able to get an instance of SCCAgent in GUI mode. [Thread-nn]ERROR EventProcessorGetterThread - Could not initialize class com.sterlingcommerce.scc.agent.SCCAgent Description of fix: Corrected the logic which produced the warn/error messages and stack trace. 13. IT31061/MFT-10664 (2019-11-26) Description of issue: Cognos fails to start when it attempts to use the ICC third party certificate that has expired. Description of fix: When trying to determine if the ICC third party certificate can be used by Cognos, check if the certificate has expired before deciding to use it. If its expired, use the Cognos CA signed certificate to secure Cognos. Also the following was added to help notify the user that the ICC certificate has expired or is about to expire. When the configCC Keystore / Truststore step is executed, the code will check the key certificate in the ICC keystore and warn the user if the certificate has expired, will expire within 30 days or is not yet valid. When the ICC Engine starts, the code will check the key certificate in the ICC keystore and the trusted signing certificates in the ICC Truststore and write to the engine log any certificate that is expired, about to expire or is not valid yet. When the ICC Engine finds an expired, soon to expire or not yet valid certificate, it will generate events with the below message ids. Rules can be written to generate alerts or emails when an event has any of these message ids. Expired - CCTR143I CCTR143I The ICC {0} certificate with alias {1} has expired. Certificate Date Range: {2} CCTR143I The ICC Trust Store certificate with alias my_expiredCert has expired. Certificate Date Range: Wed Feb 04 21:11:28 UTC 2009 to Mon Feb 03 21:11:28 UTC 2014 Soon to Expired - CCTR144I CCTR144I The ICC {0} certificate with alias {1} will expire within 30 days. Certificate Date Range: {2} CCTR144I The ICC Keystore certificate with alias my_expiringCert will expire within 30 days. Certificate Date Range: Thu Oct 24 12:01:29 CDT 2019 to Wed Nov 13 11:01:29 CST 2019 Not Yet Valid - CCTR145I CCTR145I The ICC {0} with alias {1} is not yet valid. Certificate Date Range: {2} CCTR145I The ICC Keystore with alias my_2020Cert is not yet valid. Certificate Date Range: Wed Jan 01 06:02:38 UTC 2020 to Sat Dec 29 06:02:38 UTC 2029 14. MFT-10614 (2019-11-26) Description of fix: Spaces in the xml filename of an emailList causing the emailList to go missing both when importing the xml file into the database and when importing to the imported folder from the conf. Description of issue: Corrected the logic for both scenarios to properly handle spaces in the file name. 15. IT31137/MFT-10553 (2019-11-27) Description of issue: Beginning with 6.1.2.0 the Completed File Agent Activity display no longer works in the classic console. Description of fix: Corrected the logic to re-direct the user from the classic console to the web UI and properly display Completed File Agent Activity after clicking on File Agent in the Control Center console (in the same fashion as other re-directs, like Active Alerts for example). Please note the following display limitation in the overall context of Completed File Agent Activity: -Completed File Agent Activity will be enabled in the case of single/multiple file agent selection of a single CD Node. -Completed File Agent Activity will be disabled in the case of single/multiple file agent selection of multiple CD Nodes. -Completed File Agent Activity will be disabled in the case of server group. 16. IT31227/MFT-10703 (2019-12-02) Description of fix: Cognos temporary report files are not being removed in 6.1.2.1. Description of issue: Implemented logic to correctly call Cognos temporary report file cleanup processing. 17. CCP-15843 (2019-12-03) Description of issue: Some engine.properties are not being added to the database during fresh installs. Description of fix: Added the following engine.properties with default values to a new install: SUMMARY_TABLES_PURGE_ROLL_UP, SUMMARY_TABLES_PURGE_FILE_COUNTS, SUMMARY_TABLES_PURGE_QUEUE_SIZE, TIME_TO_START_EPS_MINUTES. 18. IT31155/MFT-10770 (2019-12-4) Description of issue: The Brazil/East and America/Sao_Paulo are still defined to have DST and it causes the time in the ICC log files to be wrong and when running configCC the choices for the engine timezones presented are incorrect. Description of fix: TimeZones.xml was updated for Brazil/East and America/Sao_Paulo, as were the time zone definitions hard coded in ICC, which are used prior to updating the TimeZones.xml data. Also, in case there are still issues, two new engine properties were added: - TIMEZONE_OFFSET_MINUTES - no default, use to override whatever the server ICC is running on is using if necessary - TIMEZONE_USE_DAYLIGHT_TIME - default is false, use to override whatever the server ICC is running on is using if necessary These properties may be specified in the script/bat file used to run configCC if the changes made to TimeZones.xml and the internal time zones are insufficient to address the problems seen. Finally, know after upgrading ICC, but prior to restarting ICC, the updated TimeZones.xml file will be in conf/system. When ICC is restarted though the data in this file will simply be deleted if the database table CC_FILES has a TimeZones.xml entry. Users may either update TimeZones.xml manually via the Web console, or, prior to restarting ICC after the upgrade, they may run the following SQL to remove TimeZones.xml from CC_FILES: DELETE FROM CC_FILES WHERE FILE_NAME = 'TimeZones.xml' 19. IT31510/MFT-10732 (2019-12-06) Description of fix: Requirement to address pdfbox security vulnerability CVE-2019-0228 CVSS 5.5. Description of issue: Upgraded to pdfbox 2.0.17 (from 2.0.13). 20. IT31275/CCP-15918 (2019-12-13) Description of issue: Some SLC events errouneous have the transfer event attribute set true causing file transfer counts to be wrong. Description of fix: Explicitly initialized the SLC event attribute for transfer to be false. 21. IT31511/MFT-10793 (2019-12-17) Description of issue: Required IBM JRE upgrade to address CVE-2019-2989 (CVSS 6.8) in the Q4 2019 Java CPU. Description of fix: Upgraded from 8.0.5.40 to 8.0.6.0. 22. IT31332/MFT-10778 (2019-12-19) Description of issue: When maximum cursors exceeded error occurs when inserting events for a monitored server, instead of retrying the failed query, the monitored server is paused. Description of fix: Add additional recoverable error codes to the DatabaseProperties.xml file for Oracle databases. 23. IT31512/MFT-10816 (2019-12-20) Description of issue: Required Webbsphere/Liberty upgrade to address multiple vulnerabilities: CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9517, CVE-2019-9518, CVE-2019-4441, CVE-2019-4304, CVE-2019-4305 Description of fix: Upgraded Websphere Liberty to 19.0.0.12 (from 19.0.0.4). 24. IT31400/MFT-10673 (2020-01-02) Description of issue: Using stopEngine.sh -np fails to stop the engine. Description of fix: Implement a linux only option to support the -np stop engine option. 25. MFT-10823 (2020-01-08) Description of issue: The java.security override file (/conf/CC_java.security) is not properly referenced by the Cognos jvm. The file is used to override properties specified in the java master security file (/jre/lib/security/java.security). Description of fix: Added code during engine startup to ensure the following property is set in /Cognos/wlp/usr/servers/dataset-service/jvm.options: -Djava.security.properties=/conf/CC_java.security. --------------------------------------------- 6.1.2.1 iFix01 (Released 10/14/2019) 1. IT30088/R17638/MFT-10333 (2019-09-13) - Some transmissions do not appear on the ICC dashboard Description of issue: At first the issue was transmissions not appearing, then it was too many transmissions appearing. Description of fix: To address transmissions not appearing, a change was made to the summarization logic to deal with process end events received from CD zOS servers not up-to-date on maintenance that were sending process end events with no process name. To address too many transmissions appearing, a change to the summarization logic, the DefaultSummarizer to be specific, to fix the start time and end time set for summarized file transfers. 2. IT30173/R17710/MFT-10526 (2019-09-13) Description of issue: DVGs with criteria that only specified server groups not triggering Description of fix: Added logic to expand server group to the servers they include when initializing DVGs at system startup so DVG criteria not empty. 3. CCP-15713 (2019-09-13) Description of issue: Null pointer exception occurs while creating Simple SLCs, which caused ICC to shut down. Description of fix: Logic didn't handle the case when creating the first Workflow/Simple SLC or the first Wildcard SLC in the system correctly and threw a null pointer exception, which subsequently caused ICC to believe a database error occurred and to then shutdown. Logic updated to handle this situation correctly now. 4. CCP-15545/R17676 (2019-09-17) Description of issue: Changing the property value for CLEAR_NODE_STATUS_AT_CEP_STARTUP had no effect. It always stayed true. Description of fix: Moved the point in the logic where the property value was ascertained to be after the point where engine property values were initialized. Because it was being set prior to initialization of all engine property values, it always used the default value of TRUE. 5. MFT-10592/IT30309 (2019-09-17) Description of issue: Unsupported database dialect: DB2zOS when starting EP. Description of fix: Add DB2zOS to database type selection logic. 6. IT30132/R17704/MFT-10530 (2019-09-18) Description of issue: A XML parsing exception is thrown during engine startup when engine property SI_SERVER_LICENSE is set to false (default is true). False causes Control Center to not issue the SI OpsCommand "getLicense". The following error message will be present in the engine log when this occurs: [CCEngineWebClientSvc] ERROR CCNode - CXML001E Error while converting XML string to XML document. Document: null Stack Trace: com.sterlingcommerce.component.common.ComponentException: CXML001E Error while converting XML string to XML document. Document: null at com.sterlingcommerce.component.common.util.XMLUtil.getDocument(XMLUtil.java:290) at com.sterlingcommerce.component.common.util.XMLUtil.getDocument(XMLUtil.java:262) at com.sterlingcommerce.scc.client.proxy.CCNode.createGISLicenseExtensions(CCNode.java:2511) at Description of fix: Added guard code to check if the property is set to false and if so, skip some processing which references SI server license info. 7. CCP-14898 (2019-09-18) Description of issue: Getting error message indicating a duplicate Action while trying to load the database from the native conf file action.xml. This was caused by the action.xml previously being loaded into the database but also remaining in the native file conf directory due to a subsequent parsing error. Prior to this fix, all items (actions in this case) remained in the conf until all were loaded into the databse. [CCEngine(CCENTERT1)] ERROR MdActionController - CMDA014E Action load failed. [CCEngine(CCENTERT1)] ERROR MdActionController - RULE043E Duplicate Action. Action ID : Alert if consumer has not requested file Descriptiuon of fix: Modified the logic so that after each element from the conf directory is loaded into the database, the item is immediately moved from the conf into the imported-yyyymmddhhmms conf, instead of performing all moves after all items have been loaded in to the database. 8. MFT-10199/MFT-10440 (2019-09-19) Description of issue: Security vulnerabilities (CVE-2019-0227 / CVE-2014-3596 / CVE-2012-5784) found in axis.jar. Description of fix: axis.jar has been updated with fix for the above issues. 9. IT30548/MFT-10572 (2019-09-20) Description of issue: Required IBM JRE upgrade to address CVE-2019-4473 / CVE-2019-11771 (CVSS 8.4) in the Q3 2019 Java CPU. Note: CVE's only apply to AIX. Other platforms are not affected. Description of fix: Upgraded from 8.0.5.37 to 8.0.5.40. 10. R17706/MFT-9089 (2019-09-23) Description of issue: The java.security override file (/conf/CC_java.security) is not properly referenced by the Cognos jvm. The file is used to override properties specified in the java master security file (/jre/lib/security/java.security). Description of fix: Added code during engine startup to ensure the following property is set in /Cognos/wlp/usr/servers/cognosserver/jvm.options: -Djava.security.properties=/conf/CC_java.security. 11. CCP-15633 (2019-09-25) Description of issue: The CCAPI sample documentation incorrectly referenced two jar files in the sample command execution. Description of fix: Changed the documentation references from --> to: lib\icu4j-59.1.jar --> lib\icu4j-62_1.jar and lib\10x-db-openjpa-3.9.0.jar --> lib\10x-app-db-openjpa-3.9.0.jar. 12 CCP-15432 (2019-09-25) Description of issue: When I right-click on a server called rhel504101sp snd select Completed Processes or Active Alerts in the classic console, I am redirected to the web UI, but get an error saying "server RHEL504101SP is not found". Description of fix: Corrected the code to preserve the context of mixed case when the re-direct occurs. 13. IT30437/MFT-10567 (2019-09-25) Description of issue: The Connect:Direct Secure Plus ciphers presented in the ICC console [Configure servers -> Secure+ ] are incomplete with what is seen in SPCLI (Secure Plus Client). Control Center was only requests the cipher lists for SSL/TLS, but not for TLS1.1 and TLS1.2 Descripton of fix: Corrected the logic to request the cipher suites for all protocols (SSL/TLS/TLS1.1/TLS1.2). 14. IT30534/MFT-10549 (2019-09-25) Description of issue: Users are unable to view the preview text when changing User Preferences in the web UI. The following error displays: " has not been granted access to Calendars". Description of fix: Corrected the code to always allow a user to view preview text in user preferences. 15. IT30549/MFT-10159 (2019-09-25) Description of issue: Required upgrade to latest Cognos fix pack to address multiple vulnerabilities. Description of fix: Upgraded to Cognos 11.0.13.2 (from 11.0.13 IF1014). 16. IT03412/MFT-10586 (2019-09-26) Description of issue: After upgrading to 6.1.2.1, configCC.sh fails with the following error messages, immediately after replying to the prompt: Do you want to enable authentication for the Event Repository? (Y/N) [N] : com.ibm.tenx.db.PersistenceException: org.apache.openjpa.persistence.RollbackException: The transaction has been rolled back. See the nested exceptions for details on the errors that occurred. FailedObject: com.ibm.cc.model.Files-../conf:engine.properties This was caused by the engine.properties exceeding a length of 4000 (in xml format stored in the the CC_FILES table) and the configCC logic erroneously attempting to store the data in column CONTENT (instead of CONTENT_CLOB). Description of fix: Corrected the logic in configCC to check for a length value of > 4000 and if so, store the data in the CONTENT_CLOB column. 17. IT30067/R17698/MFT-10533 (2019-10-01) Description of issue: When API calls to create a ICC entity fail, the HTTP response returns a 201 (HttpServletResponse.SC_CREATED) even if the creation of the entity failed. Description of fix: Modified the HTTP response code to return 202 (HttpServletResponse.SC_ACCEPTED) if there is any error in processing the request. Response 202 means that a request was accepted for processing, but was not completed for some reason. 18. CCP-15737 (2019-10-01) Description of issue: Getting message "Database server version 18.0 not supported" when using an Oracle 18c database server (during Windows install and Linux configCC), Descriptiuon of fix: Modified code to check for Oracle 18c as a supported DB server/version. 19. IT30068/R17691/MFT-10445 (2019-10-02) Description of issue: Sometimes when Cognos is running in active mode on EP1 and switches to standby mode in a multi-EP ICC installation, ICC doesn't always recognize the switch (because ICC can still ping the standby Cognos) and stays connected to the standby Cognos on EP1 instead of switching to the active Cognos on EP2. Only when EP1 is stopped does ICC recognize that EP2 has the active Cognos. Description of fix: Modified the ICC Cognos ping logic to also check if the Cognos it can ping is also the active Cognos. And if it is not, signal a ping failure so ICC will reconnect and find the true active Cognos. 20. CCP-15696 (2019-10-02) Descripton of issue: When running the SFG Route by Poducer reports, some step types (Arrived File, Route, Delivery) are missing data. They don't have expected Start/End times as well as other values. This was due to a check in the code comparing for an exact match on step name of "Route" or "Delivery". By default Control Center constructs unique step names (i.e. engine property defaults to true true). Prior to this fix a workaround is to specify this engine property with a value of false. Description of fix: Changed the step name code check from "equals" to "startsWith" Route or Delivery. 21. CCP-15638 (2019-10-02) Description of issue: SQL Error: SQLCODE=-803 (duplicate INSERT attempted) - caused by multiple threads trying to update CC_FILES with statRecordIds at the same time. When multiple monitored server's service is started at the same time, during a upgrade from a ICC release that has statRecordIds still in the conf (instead of CC_FILES), some monitored server service may not start. However, from the second start of ICC onward, the issue will not occur (since statRecordIds will no longer be in conf). So its just an issue with the first engine start after an upgrade from 5.4 or 6.0. Description of fix: Synchronized the code that imports statRecordIds so that only the first thread will update the CC_FILES table. 22. IT30536/MFT-10632 (2019-10-10) Description of issue: Cannot generate Cognos reports due to case sensitivity when checking the Cognos url http://host.name:58085/p2pd/servlet/dispatch. The Cognos configuration (cogstartup.xml) contained uppercase hostname http://HOST.NAME:58085/p2pd/servlet/dispatch. The following message sequence repeated thousands of times in /log/CognosReportService.log: [CognosConnectionTimer] INFO CognosReportService - Cognos Report Server is ready to use! [CognosConnectionTimer] INFO CognosReportService - Periodically connect to: http://HOST.NAME:58085/p2pd/servlet/dispatch [CognosConnectionTimer] ERROR CognosReportService - The Active Cognos, http://host.name:58085/p2pd/servlet, is not the Cognos ICC is connected to, http://HOST.NAME:58085/p2pd/servlet/dispatch. Will try to get connected to Active Cognos. [CognosConnectionTimer] INFO CognosReportService - Active Cognos appears to be unavailable [CognosConnectionTimer] INFO CognosReportService - http://HOST.NAME:58085/p2pd/servlet/dispatch is not available. Begin to connect to other COGNOS Instance. Description of fix: Corrected the code to treat the url check as case insensitive. 23. CCP-15808 (2019-10-11) Description of issue: A second EP can erroneously start acting as the CEP (Controller Event Processor), even though the current CEP is still up and running. Once this occurs, each EP thinks it is the CEP and they can both remain in this state, until Control Center is re-cycled. This scenario can occur if the second EP determines the current CEP has not checked-in for a while and then attempts to ping the CEP before the Access Control Service is initialized. Description of fix: Modified logic in the Controller Monitor Service to determine if Access Control is initialized. If not, then skip the ping attempt and try again later after initialization is completed.