Hardware Management Console

[ Last updated: June 15, 2006 ]

The information in this Readme contains hints and errata information about the Hardware Management Console.

There is no Corrective Service package to update to HMC Version 5 Release 1.0 from HMC Version 4. Users must perform a Save Upgrade Data task to preserve HMC configuration data such as partition profiles, HMC users and HMC configuration, and then use HMC Version 5 Release 1.0 media to upgrade.

Recommended code levels

To find recommended HMC and server code levels for the currently supported for IBM Power Systems, consult the POWER code matrix at.

• PTF-specific information
• Hints and tips for the HMC Desktop
• Enhancements and changes (cumulative)
• Known issues (cumulative)
• Security fixes
• Education information

This section lists the PTFs released for HMC V5 R1.0. The information for each PTF includes sections for enhancements and fixes, known issues (if applicable), and package information. The Package information section provides information to use during the download, installation and verification procedures for HMC corrective service/upgrade packages. For example, you can check the sizes and checksums of downloaded packages, and use the "Splash panel" information to verify that a fix or update was applied successfully. You can also access this PTF-specific information by clicking on the "View" link for any package on the "Downloads" pages of the HMC web site.

This package is critical for customers in China that connect to the IBM service provider using a modem for remote service and support.

The phone numbers used to connect to the IBM service provider from China have changed. You must make configuration changes and install this package prior by January 31, 2007, to avoid a disruption in remote service and support from China. Refer to Enhancements and Fixes for a full description of the steps required to make this change.

You can also reference this package by APAR MB01994.

This package provides the following fix:

Update Modem Connectivity to the IBM service provider in China

As of February 1, 2007, the existing phone numbers used by the HMC to connect to the IBM service provider within China will be discontinued. Effective immediately a new, expanded set of phone numbers are available to connect to IBM in China.

Before your HMC can successfully connect to the IBM service provider using these new numbers, this package must be installed on your HMC. We recommend that you configure a minimum of two phone numbers.

The new North China phone number 16970 can be dialed from the following cities.

The new South China phone number 4006 744444 can be dialed from the following cities.

The following phone numbers will be accessible throughout China.

You may continue to connect to the IBM service provider electronically from China without installing this package if you can do either of the following:

Use an existing broadband connection to connect to IBM.��� You can configure either the Internet VPN or Internet SSL option.

OR

Configure your HMC to call home using an international call to an AT&T access point outside of China. The following numbers may be convenient alternatives. Note that international dialing codes must be added to call them from China.

1. Hong Kong

   3001-1700

2. Singapore

   6825-1800

3. Seoul

   02-3018-3073

Steps required to change phone numbers used to connect to the IBM service provider

1. Before you begin, install this package.
2. Log on the Hardware Management Console. In the navigation area,��� open Service Applications.��� Select the Remote Support Option, and then click Configure Outbound Connectivity.
3. Within the Customize Outbound Connectivity Pane, click the Local Modem Tab.��� Within the Local Modem tab, locate the Telephone Number box, and then select Add.
4. From the Add Telephone Number pane, make sure that China is selected as the Country or Region.��� Compare the phone numbers displayed to the list shown above.��� If the new numbers are displayed in the list, select a number from the list, and then click Add.���
5. If the newer numbers are not yet on your list, you may type the numbers in the Telephone Number field instead of selecting of one of the numbers displayed. Note that if you manually enter these numbers, there is an additional requirement that the System Address, as specified in the Customize Customer Information Pane, is set to China.���
6. IBM recommends that a minimum of two phone numbers be configured for each Call Home server.��� You may test your connectivity to each phone number from the Customize Outbound Connectivity Pane.
7. Once you have successfully tested your connectivity using the new numbers, you should remove the older numbers from the list of Telephone numbers.������ From the Customize Outbound Connectivity Pane, select the phone number you wish to remove, and then click Remove.
8. After you have completed all your changes, click OK from the Customize Outbound Connectivity Pane.

This package provides OpenSSL and Open SSH security fixes for HMC V5. You can also reference this package by APAR MB01905. It replaces MH00857

This package provides the following security fixes:

This package provides an OpenSSL security fix for HMC V5. You can also reference this package by APAR MB01870.

This package provides the following security fix:

CVE-2006-4339: OpenSSL RSA signature evasion

This PTF provides a command monkacpid, that allows processor usage of the keventd kernel daemon. This PTF can be referenced by APAR MB01844.

A number of internal modems, when installed in HMC Machine Type 7310-C04 or 7310-C05, are affecting the performance of the HMC. If you have such an HMC configuration, install this PTF, and then run the monkacpid command from either

• a restricted shell terminal at the HMC, or
• a remote client over SSH.

This command produces output similar to the following. The output is refreshed every 4 seconds.

 Every 4s: /usr/bin/top -s -b -n 1 -p 3                  Thu Sep 14 14:57:19 2006

  top - 14:57:20 up 53 min,  2 users,  load average: 0.17, 0.10, 0.08
  Tasks:   1 total,   0 running,   1 sleeping,   0 stopped,   0 zombie
  Cpu(s):   5.5% user,   1.0% system,   0.0% nice,  93.5% idle
  Mem:   1022096k total,   919596k used,   102500k free,    32516k buffers
  Swap:  2032212k total,        0k used,  2032212k free,   264288k cached

 PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
   3 root      15   0     0    0    0 S  0.0  0.0   0:00.02 keventd 

If the number in the %CPU column is greater than 10.0, please contact IBM Hardware support to order a replacement modem. Please reference Retain Tip H187630.

Fix missing cron entries after an upgrade

This PTF fixes problems with missing cron entries and file permission that occur following an upgrade.

Notes:

• If you have installed MH00822 and performed the upgrade by using the rstupgdata command, then install MH00837 after the reboot and restore are complete.
• If you happened to install MH00837, and then installed MH00822 to perform the upgrade, then you must re-apply MH00837 after the reboot and restore are complete.

This PTF can also be referenced by APAR MB01796.

Fixes these problems following and Upgrade to HMC Version 5:

• cron entries needed for LPAR utilization data collection are missing.
• user is unable to log in and download websm client.

rstupgdata for HMC Version 5

This PTF provides a new command, rstupgdata, that can be used to restore upgrade data, saved on DVD-RAM, after a new Install of HMC Version 5. You can also reference this package by APAR MB01665.

A number of HMC machine types, 7310CR2/7315CR2/7310CR3/7315CR3, have experienced upgrade failures when moving from HMC V4.x to HMC V5.x, or from HMC V5.1 to HMC V5.2.x. Because of this issue, IBM strongly recommends the use of the following upgrade method to upgrade from HMC V4.X to HMC V5.X, or from HMC V5.1 to HMC V5.2.0 or V5.2.1. This method can be used on all machine types.

Recommended upgrade method

Fix /var filesystem full problem in V5R1.2

This PTF can only be installed on code level HMC V5R1.2. This PTF (MH00690) is also referenced by APAR MB01377.

This package includes fixes for the following issues:

• Fix for saving user task roles to be persistent across HMC reboots.
• Corrects problem with /var filesystem filling up. This may result in unpredictable behavior. After a reboot the HMC Login may Fail and Return User to Sign On Prompt.

HMC Maintenance Package Version 5, Release 1.2. This package includes fixes previously provided in MH00493, MH00507, MH00607, MH00534 and MH00523. If you are upgrading to HMC Version 5 Release 1.0, you must install this maintenance package.

This package includes the following fixes or enhancements:

DST

Fix for Daylight Saving Time changes

Code Update

• Code Update enhancement to replace incomplete firmware image on hard drive from a previous failed code update.
• Corrected a Redundant FSP Code Update problem so that HMC will commit code on secondary FSP even if primary FSP has already been accepted ( 595, 590, 570 w/ R-FSP FC).
• Enhancement to Code Update Deferred Fix Pack Messages to better define deferred fix activation and list deferred fixes. Deferred fixes can be applied sequentially with out activating previously applied deferred fixes.
• Fix to allow operating system upgrades using FTP Option and Windows FTP Server
• The Code Update Release Upgrade GUI has been enhanced to allow a user to select a supported release level from a list of currently available releases. Prior to this level of HMC code, the Code Update GUI always defaulted to the most current level of FW and did not give the user a choice.
• The confirmation panel for release upgrades has been enhanced to show the old Engineering Change Number, old Firmware Level, new old Engineering Change Number and new Firmware Level. The previous panel showed only the old EC Number and new EC Number, but not the Firmware levels.
• Code Update levels displayed on System Information panel will reflect only the repository that is being targeted, and not the level on the HMC hard drive.
• Corrected a Firmware Code Update problem that caused the Code Update function to require the hscroot userid if an FSP reboot was required.
• Corrected a managed system common targeting locking issue that could be encountered after canceling an MES Code Update.
• Corrected Dual FSP code Synch to properly set next IPL side on secondary.
• Status messages have been added to the confirmation panel after a release upgrade or downgrade.

Scheduled Operations

Correction of a problem that caused Scheduled Operations to be lost on reboot and the logging of reference code E3550046.

Logging

HMC Logging enhancements which reduce memory usage. Without this enhancement, over time, the creation of many different types of log entries could consume enough memory to impact the stability of the HMC.

Repair and Verify

• Corrected the Repair and Verify panels for model 520 GX adapter replacement
• Repair and Verify support for new concentric clamp hardware for 590/595. New concentric clamp hardware for Squadrons H 590/595 systems requires that before installing a PU Book, the concentric clamp bushing and pin are flush with one another. A check must be performed to ensure they are flush or the PU Book will not seat correctly, causing system downtime and possible damage to the PU Book connectors.
• The Repair and Verify procedures and Exchange parts screens for FSP, VPD, and Clock card programmatically removes power at the node DCA for the managed system only rather than directing the CE to EPO the entire frame.
• Enhanced the Repair and Verify exception handling code to allow for multiple FRU queries and allow for retry.

Save Upgrade Data/Backup

Corrected problem causing virtual retain data to not be sent during a call home operation.

Problem Analysis/Call Home

• The manual call home settings have been disabled for the 7048 switch errors because it is not supported.
• Problem Analysis enhancement to Extended Error Data to include server/partition firmware levels.
• Corrected an issue that caused dump retrieval to fail when multiple threads attempted to read dumps simultaneously.
• Enhanced handling of Managed System disconnects and reconnects so that error logs are not discarded.
• Correction to direct some European calls to proper URSF.

Service Agent

• Service agent enhancement to include hmc hostname in data sent to RETAIN.
• Fix to Service Agent generated emails for RFC 2822 compliancy for users with QMail SMTP.

User Management

• Corrected Japanese Managed Object Roles panels to display Japanese characters in ja_JP Locale.
• Allows user creation with "0" & " ' " in the description field.

HMC Management

Fix compatibility problem when remotely managing HMC's in a mixed environment, where HMC's are installed with different code levels.

Miscellaneous

Provides fix for IBNM performance/hang problems during rendering of IBNM dialogs.

Partition Management

• Fix for activating a VIO server partition with ethernet trunk adapter that's assigned to a shutdown partition.
• Added GUI error message to indicate a required virtual slot cannot be removed.
• Fix problem where system profile partition activation's order is not preserved.
• Fix for the create logical partition profile summary to show the correct number of virtual adapters created.

Security

Fix to disable DNS look-up access for SSH (CVE-2003-0386)

Fixes for Dump Collection issues on redundant FSP

This PTF can only be installed on an HMC that is a one of the following code levels:

• HMC V5R1.0 and PTF MH00507
• HMC V5R1.1
• HMC V5R1.1 and PTF MH00523

For model 9119-590, 9119-595, 9406-595, 9116-561 and 9117-570 systems with redundant service processor feature at system firmware levels SF235_160, SF235_180, and SF235_185:

A system firmware problem has been identified that will cause the secondary service processor (FSP) to reset during run time causing an FSP dump to be taken. The HMC currently does not collect the dump from the secondary FSP so after multiple occurrences, the FSP dump space will fill up resulting in the secondary FSP becoming deconfigured (GARDed) when no hardware problem exists.

The system will lose service processor redundancy and continue to run without interruption. Restoring service processor redundancy will require a scheduled maintenance outage.

To prevent the secondary FSP from becoming GARDed, HMC PTF MH00607 has been created to collect dumps from the secondary FSP so that the FSP's dump space will not fill up.

This package includes fixes for the following issues:

• Dump is not retrieved properly from redundant FSP.
• SFP event is not logged for missing FSP card.

Remote HMC Management fix

Notices:

Do not install this PTF if you are using the IBM Network Manager product.

Install this PTF ONLY if your HMC is currently at V5R1.1. That is, this package should be installed only if you have already installed PTF MH00534

This package includes fixes for the following issues:

• Fix remote HMC management problem:
  After applying PTF MH00534, if you add an HMC running V5R1.0 to the list of hosts to be managed by an HMC running V5R1.1, and then try to access tasks on the HMC running V5R1.0, you will get the error "HSCP0155 The task is unavailable. Please try again later."
• CVE-2003-0386: OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability

NLS enhancement for HMC Version 5 Release 1

This PTF can be applied on any HMC at Version 5 Release 1.0, including:

• PTF MH00407
• PTF MH00455
• PTF MH00464
• PTF MH00493
• PTF MH00507
• PTF MH00522

Applying PTF MH00534 to an HMC 5.1 with any of the following PTFs installed:

• PTF MH00455
• PTF MH00493
• PTF MH00507

removes the information entry for the PTF(s) from the output of the lshmc -V command. The fixes provided in these PTFs are not removed, merely the entry for the PTF in the lshmc command output. This PTF includes all the fixes provided by MH00507 and MH00493. PTF MH00534 replaces the previously released PTF MH00522.

This package includes the following enhancements and fixes:

• Enhancements to support locale setting with the following commands : chhmc and lshmc.
• Additional locale supports: BiDi (Bi-directional), UTF-8, and other locales. Use lshmc ���L to see the list of locales supported.
• Additional keyboards support. There are multiple pages for the keyboard configuration. During the keyboard configuration, enter 98 to go the next page and 97 to go to the previous page.
• IBM Network Manager (IBMNM) product support from an HMC perspective. Please refer to the HPSNM/IBMNM page for availability of the IBMNM Service Packs. The Service Packs, together with the IBMNM enhancement in MH00534, provide full support for IBM Network Manager.
• Fixed problem of creating users after applying PTF MH00522: Users created after applying PTF MH00522 cannot see the console when logging in at the local HMC.
• Fixed problem with GRUB corruption after restoring critical console data: When backing up critical console data, files under /boot are not required to be backed up as they are not needed and can cause GRUB to be destroyed. After installing this PTF, perform a critical console data backup again to make sure these files are no longer backed up.

Maintenance Fix that must be installed on HMC Version 5 Release 1.0. This fix replaces PTF MH00455. If you have not yet installed MH00455, do not install it. Install MH00507 instead. If you have already installed MH00455, install MH00507 as well.

This package contains all the fixes included in MH00455, as well as additional fixes. It addresses the following issues:

• Support for code update health check.
• Support for secure ASM proxy.
• Fix for frame name change independent of cage status.
• Fix for miscellaneous repair and verify functions.
• Fix for miscellaneous code update function.
• Fix for multiple call home issues.
• Fix for miscellaneous IBMNM function.
• Fix for logging of IP address by "logssh".
• Fix for help in the GuidedSetupWizard panels.

Notice:

Install this PTF ONLY if your HMC is currently at V5R1.0. Check the "About" splash panel on your HMC to find your current Version/Release level.

Fixes for leap second handling, DST time and openssl

This package includes fixes for the following issues:

• New library to handle leap second and DST time zone properly.
• Provides CAN-2005-0109: OpenSSL update.
• Provides CAN-2005-2969: OpenSSL fix for potential SSL 2.0 Rollback vulnerability

InfoCenter update package

Update to Information Center for HMC V5R1.0.

This maintenance fix for HMC 5.1 was replaced by MH00507. All the enhancements and fixes for this package are included in MH00507. If you have not yet installed MH00455, do not install it. Install MH00507 instead. If you have already installed MH00455, install MH00507 as well.

The fixes in this package are included in MH00507:

• Support for code update health check.
• Support for secure ASM proxy.
• Fix for frame name change independent of cage status.
• Fix for miscellaneous repair and verify functions.
• Fix for miscellaneous code update function.
• Fix for multiple call home issues.
• Fix for miscellaneous IBMNM function.
• Fix for logging of IP address by "logssh".

HMC V5 R1.0 upgrade and recovery package

This package includes the following enhancements:

• Install/Backup/Restore over network.
• Support to configure Host Channel Adapter
• Support for Mobile CoD
• Support for Enhanced Manage On/Off CoD
• Support for Virtual IO Server Shared Ethernet failover
• Support for IO Server Enhancements for VIOS and RPA partitions
• Support for Redundant FSP with Dynamic failover

This package has the following known issues:

• At HMC 5.1, a License Internal Code update executed by any non-hscroot user will result in error ACT01724 with an E302F927 or E302F874 SRC logged in Service Focal Point.

  To resolve the issue, under the Licensed Internal Code Update menus, check the accepted, installed, and activated levels now on the system and if necessary, take appropriate action or restart the code update as hscroot.

• The Certificate Authority public key file for use with Websm Java Webstart client is not preserved when upgrading HMC from version 4 to version 5. The result is a warning message that a non-secure connection will be used when connecting to the upgraded HMC version 5, with Java Webstart client.

  To resolve this problem, regenerate the Certificate Authority public key file by following these steps at the local HMC:

  1. Select System Manager Security ' Certificate Authority ' Copy this Certificate Authority's public key ring file to removable media. Perform this operation at the local HMC where the Certificate Authority was defined and the server keys were previously generated.
  2. Insert a media to receive the public key ring file, then select HMC or AIX Client option when prompted.
  3. When the task completes, use the media created on the HMC that the webstart client was downloaded from. Select System Manager Security ' Certificate Authority ' Copy Another Certificate Authority's public key ring file from removable media.
  4. When the task completes, the Certificate Authority public key ring file will be re-created on the HMC.
  5. When Jave Webstart client contacts the HMC, it should notice that the file has been modified and will download it to the client automatically.

• To launch the browser, right click on the desktop to display the menu. Select "Net", and then "Browser".
• To start a restricted shell terminal, right click on the desktop to bring up the menu. Select Terminals", and then "rshterm".
• Currently, HMC only stores four (4) service processor dumps and four (4) platform system dumps per managed system.
• Changes of a partition profile do not apply immediately to the partition. The changes on the partition only take effect when activation is done through the profile.
• To view keylock positions and SRC values when performing Operator Panel Service Functions through Service Focal Point, use the Server and Partition plugin.
• To view system event logs, you must login as a user with the hmcpe role. From Service Applications, select Service Focal Point -> Service Utilities -> Actions -> View Problem Logs.
• Before using the HMC to upgrade your i5 or p5 Power5 server to the 01SF235_160_160 Firmware code level or greater, your HMC must be installed with the V5 R1.0 HMC code.
• If the HMC is set up as a DHCP server on a private network, do not use the chhmc, mksysconn or rmsysconn commands to make new or remove existing network connections. These commands should only be used if the HMC is on a public network with static IP assignments.
• If the HMC is used in a Cluster 1600 environment, see the following Redbooks Technote: Cluster 1600 and the Hardware Management Console

• Help Search is not supported. Help Find is supported.
• Printing is not supported.
• The numerical keypad on some keyboards doesn't work. Use the normal numerical keys instead.
• When your Power5 system is shipped to you it is in a non-HMC managed mode by default. Once you attach and set up an HMC to manage your Power5 system, the default non-HMC managed mode exits. The procedure to return to the default non-HMC managed mode is documented on the InfoCenter website under "Resetting the server to a non-partitioned configuration". Use the following link to view the document.
  
  http://publib.boulder.ibm.com/infocenter/eserver/v1r2s/en_US/info/iphbl/iphblresetserver.htm

The following customer courses will be available from Resource Link for the Product Announce on May 4, 2004.

• How to Use the eServer i5 and p5 Hardware Management Console
  This course explains how to install and configure the Hardware Management Console (HMC) for the Model 520/570. It also covers the HMC's basic operations by exploring the general user interface. Partitioning is discussed in detail, with explanations showing both command line and GUI support.
• eServer i5 and p5 - Physical Planning for Installation
  This course discusses considerations for the physical planning for installation of eServer Models 520 and 570. It then provides the user with links to obtaining the step-by-step installation procedures.
• Resource Link Highlights
  This course provides an overall look at the major Resource Link (RL) areas and how to use them. These areas are Planning, Education, Library, Forums, Fixes, Problem Solving, Services, Customer Initiated Upgrade, and Tools. It also provides step-by-step procedures in using the Subscription function.
• Performing Licensed Internal Code Maintenance
  This course discusses about maintaining the software that enables hardware such as the service processor on your eServer POWER5 system.

Access to these courses requires an IBM Registration ID and Resource Link Access.

To obtain an IBM Registration ID

1. Go to http://www.ibm.com/servers/resourcelink
2. Select "Register" under New users
3. On the My IBM Registration, fill in an e-mail address for IBM ID and password, and the Security question and answer and the Country of residence and then click Continue and fill in the rest of the User information and click Submit.

Resource Link Access for New Users

1. Go to http://www.ibm.com/servers/resourcelink
2. Select "Sign in" enter the IBM ID and password you used to register above
3. Select "Customer"
4. Click "Submit" Once submitted it will take an hour before the access takes effect

To view a course

1. Sign in to Resource Link
2. Select Education in the navigation bar on the left
3. From the Education page, select "eServer i5 and p5 courses"
4. Select "How to Use the eServer i5 and p5 Hardware Management Console"
5. Select "Performing Licensed Internal Code Maintenance"
6. Double-click the link to open the course.

Notes:

1. The courses are browser based. For optimal viewing, we recommend Microsoft Internet Explorer 6.0 or higher with your display set at 1024 x 768. To set your display, go to My Computer -> Display -> Settings
2. Course pages can be book marked for easy retrieval.
3. Course simulations open in a separate window. Use the X in the upper right corner of the window to close the simulation.
4. If there are QuickTime videos in the course, you need to have the QuickTime viewer installed. A link to the free viewer is on each Resource Link course page and on the related page within each course.

Documentation, installation guides, cumulative PTF history, best practices, and related support information:

HMC documentation

• HMC Notices
• POWER code matrix
• FLRT: Fix Level Recommendation Tool