Hardware Management Console Readme

For use with Version 7 Release 3.1.0 and Version 7 Release 3.2.0

Date: June 8, 2007 and October 18, 2007

Introduction

The information in this Readme contains hints and errata information about the Hardware Management Console. Please consult the HMC's technical support Web site for up to date information. (https://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html)

Hints and Tips:

Hints and Tips for using the new web-based user interface

This user interface is comprised of several major components: the Banner, the Task bar, the Navigation pane, the Work pane, and the Status bar. The Banner, across the top of the workplace window, identifies the product and logo. It is optionally displayed and is set by using the Change User Interface Settings task. The Task bar, located below the Banner, displays the name(s) of any tasks that are running, the user ID you are logged in as, online help information, and the ability to logoff or disconnect from the console. The Navigation pane, in the left portion of the window, contains the primary navigation links for managing your system resources and the Hardware Management Console. The items are referred to as nodes. The Work pane, in the right portion of the window, displays information based on the current selection from the Navigation pane. For example, when Welcome is selected in the Navigation pane, the Welcome window content is displayed in the Work pane. The Status bar, in the bottom left portion of the window, provides visual indicators of current overall system status. It also contains a status overview icon which may be selected to display more detailed status information in the Work pane.

The System p Operations Guide for the Hardware Management Console and Managed Systems can be accessed online on the HMC. Select Welcome in the Navigation pane. The Welcome window content is displayed in the Work pane. Select HMC Operations Guide to view it.

Additional education, support, tutorial and technical information can also be accessed online on the HMC. Select Welcome in the Navigation pane. The Welcome window content is displayed in the Work pane. Select Online Information to view it.

To log on the HMC from a remote browser, the HMC must first be configured for web browser access. See appendix C of the System p Operations Guide for the Hardware Management Console and Managed Systems for instructions on how to configure the HMC for remote web browser access. After the HMC has been properly configured, from your web browser enter the URL of the HMC using the format https://xxx.xxx.xxx.xxx. Also in Appendix C, it is important to read the “Logging on the HMC from a LAN connected Web browser’ section. Security warnings may be presented to your Web browser and the issues related to certificate management should be understood prior to using this function so you can perform the appropriate actions.

Upgrade Hints

Certificates and keyring files generated by the System Manager Security application (on HMC Version 6) will not be migrated to HMC Version 7. Applications such as remote 5250, which import the public key ring file to establish a secure connection with HMC, will need to import a new public key ring file. The new file, SM.pubkr, will be generated and stored on HMC V7 under /opt/ccfw/data directory. User can copy this file, using the scp or sendfile command.

For further information on how to setup remote 5250 using SSL, see support document located on the System i Technical Support website at the URL

http://www-03.ibm.com/servers/eserver/support/iseries/index.html. This document and many others can be found by selecting the "Technical databases" link.

Enhancements and Changes in V7R3.2.0

Server and Partition Management

IO Reporting Partition (Hardware Discovery)

Provides summary of IO attached to the system pre-OS for configuration.
Provides HMC users more detailed view of slot contents including child devices.
Allows administrators to view Ethernet MAC addresses and FibreChannel WWN’s from the HMC before partitions are configured.
Provides detailed inventory to System Plan Tool to verify system configuration and validate customer orders

Ability to create multiple virtual processor pools, providing easier license management by capping the number of processor cycles that can be consumed by a group of uncapped logical partitions.
Partition mobility - a new HMC function, on systems that are capable to use this function, that enables moving a partition from one managed system to another. The active partition mobility function provides the HMC administrator the ability to non-disruptively move a running partition, with its operating system and applications, profiles, and virtualized resources, across two capable and compatible servers that are under the control of the same HMC. The inactive partition mobility function provides the ability to move an inactive, powered-off partition, with its profiles and virtualized resources, across two servers that are under the control of the same HMC.
Support for redundant POWER6 FSP failover.

Platform Management

Added support to allow the use of Kerberos to authenticate users on HMC. Users are created on the local HMC, but uses a remote Kerberos server for authentication.
Added support to setup Kerberos Key Distibution Center (KDC) server configuration.
Corrected Manage Dumps task handling of dump parameters for a Squadrons Server

Redundant FSP enhancements and corrections.

Added a Deactivate Attention LED task that allows a user to deactivate the attention LED's on multiple servers and/or partitions. This new task simplifies the previous methods for deactivating LED's, View System Attention tasks for systems and Manage Attention LED for partitions, which were single target tasks.

Corrected a problem where a FSP dump could not be initiated from HMC when system is in poweron state giving unrecoverable error message.

Added console log events for adding and deleting NTP servers to create audit trail.

Corrected a problem in the HMC backup critical console data task where it does not detect specific permission problem on a remote directory on the ftp server. This problem prevented backup from completing although a message was displayed that indicated the task completed successfully.

Corrected errors that caused mail to be sent to the HMC console resulting in performance degradation on the HMC.

Corrected an issue with backup of the HMC where their HMC archive data may be directed to an unknown location. If the user did NOT specify an optional directory to offload their HMC archive to, there will be an internal 'cd /' issued from within the ftp session. Where that directs their data depends on how their ftp server is set up. It may be re-directed to user's home directory or to their ftp server's physical "/" directory.

Corrected an issue with the HMC interface with multiple column tables where a sort option was not performing correctly.

Corrected user interface code to handle the change in formatting of the V7 HMC model type and display the information correctly.

Corrected a problem in Systems Management where a user could not toggle between Capacity on Demand and default views using MS Internet Explorer V6.0.

Fixed a problem where data replication of 'Group Data' failed to replicate changes to any of the slave HMCs.

Corrected a problem where the HMC User Interface Task Bar was flashing continuously.

Updated the Network Settings task's reboot/restart requirements. A reboot is no longer required for most modifications to network settings.

Enhanced Partition Availability Priority user interface

Miscellaneous improvements to the Guided Setup Install Wizard

Corrected the deployment of the main HMC user interface window to adjust the screen height on the local console

Corrected a problem when using a context menu or drop-down menu in the HMC Work Pane, the opened menu will freeze.

Corrected an error found when using the provided icon or dropdown options to filter a table to reduce the number of visible rows. Instead of only rows that are NOT filtered out being selected, all rows of the table are selected.

Corrected problems seen on an HMC console with more than one console active (local and remote), where tasks were not visible and panels were not fully rendered.

Corrected a problem with Network Settings when attempting to return the network interface from an open, non-DHCP Server configuration (on the private subnet shared with the FSPs and DHCP Server) to a previous private, DHCP Server configuration.

Corrected a problem in Manage Task and Resource Roles with copying the customized resource roles.

Clarified and handled the field 'No IPv4 address' on the Change Network Settings/Adapter Details panel.

Enhanced HMC User Roles so that users assigned Super User roles (hmcsuperadmin) will be able to customize their individual user settings independently of other HMC Super Users. Previously all user assigned Super User roles shared user settings.

Added help to Customizable Data Replication for "Customer Information" data.

Enhanced Change User Password task user interface.

Power Management

With power saver mode capable system, customers can enable this feature through HMC to save power by dropping the voltage and frequency to a fixed percentage.
Customers can now schedule the power saver mode feature through the schedule operations task by selecting a managed system.
IBM^® Systems Director Active Energy Manager™ can collect trending information and perform other advanced EnergyScale features by utilizing HMC's network connections to managed systems.
For more information on EnergyScale feature, refer to the white paper for IBMEnergyScale for POWER6 Processor-Based Systems. (http://www.ibm.com/common/ssi/cgi-bin/ssialias?infotype=SA&subtype=WH&appname=STG_PS_USEN&htmlfid=PSW03033USEN&attachment=PSW03033USEN.PDF)

Service Management

Enhanced the HMC Serviceable Event feature to not only provide Serviceable Events for the managed system, but to now also include Serviceable Events for the HMC.

SNMP traps were extended to generate HMC related notices.

New HMC monitored resources including:

1. CCFW JVM activity

2. Total HMC system usage

3. Individual process usage

4. Disk partition utilization

A new command, chhmcfs, was created to manage log files.

Enhanced ServiceRM to handle increased number of partitions in a single PHYP based system.

The design ServiceRM was enhanced to control the flow of data between itself, the RMC daemon and the client on the HMC to better handle memory and alleviate contention for resources.
ServiceRM was also modified from handling RMC requests one at a time to handling multiple requests. Previously, if one request did not complete the subsequent requests would be queued and resulting in possible deadlock. Now requests are honored with multiple threads.

Command Line

• The following commands have been added to manage HMC file system disk space usage:

• chhmcfs - frees up space in HMC file systems

• lshmcfs - lists HMC file system disk space usage information

• The following commands have been added to configure and list the HMC object manager security setting:

• chomsec - configures HMC object manager security

• lsomsec - lists the HMC object manager security setting

• A new command, rnvi, has been added to enable HMC users to edit text files in a restricted mode.

• The following commands have been added to configure and list power management settings for a managed system (POWER6 servers only):

• chpwrmgmt - changes power management settings

• lspwrmgmt - lists power management settings

• The following commands have been added to support partition mobility (POWER6 servers only):

• lslparmigr - lists partition migration information

• migrlpar - performs a partition migration operation

• The following commands have been enhanced to support partition mobility (POWER6 servers only): chsyscfg, lssyscfg, and mksyscfg.

• The following commands have been added to support Kerberos configuration on the HMC:

• getfile - gets and deploys the Kerberos service key (keytab) file on the HMC

• rmfile - removes the Kerberos service key (keytab) file from the HMC

• The following commands have been enhanced to support Kerberos configuration on the HMC and remote Kerberos authentication: chhmc, lshmc, chhmcusr, lshmcusr, and mkhmcusr.

• The following commands have been enhanced to support multiple shared processor pools (POWER6 servers only): chsyscfg, lssyscfg, mksyscfg, chhwres, lshwres, and lslparutil.

• The following commands have been enhanced to support hardware discovery (POWER6 servers only): chsysstate and lshwres.

• A new option has been added to the chhmc command to set the SSH protocol version for the HMC to use.

• The chhmc and lshmc commands have been enhanced to support enabling and disabling remote web browser access to the HMC.

• A new ‘s’ option has been added to the getupgfiles command to allow secure FTP to be used to transfer the upgrade files.

• The lssyscfg -r sys command has been changed. The sp_failover_enabled and sp_failover_state attributes are no longer output unless the -F option is specified on the command. Now those attribute values will only be displayed if either the -F option is specified with no attribute names, or if the sp_failover_enabled and sp_failover_state attribute names are specified with the -F option.

• The -o noprobe option for the mksysplan command has been deprecated. It has been replaced by the --noprobe option. In addition, two new options for inventory collection have been added to the mksysplan command: --nohwdisc and --noinvscout.

• A new option has been added to the sendfile command to allow the user to specify the name of the file on the remote system.

• A new option has been added to the updlic command to synchronize Licensed Internal Code on redundant service processors, and also on redundant Bulk Power Controllers.

• Hardware Discovery command line enhancements:

chsysstate –r sys will include the new option onhwdisc

lssyscfg –r sys will display the new cec capability for Hardware Discovery, hardware_discovery_capable

lssyscfg –r lpar will display the new lpar definition state for Hardware Discovery in the lpar_env and lpar_type attribute.

lssyscfg –r lpar will display the new VSP definition state for Hardware Discovery in the state attribute.

lssyscfg –r prof will display the new lpar definition state for Hardware Discovery in the lpar_env attribute.

lshwres –r io –rsubtype will include a new type slotchildren to list Hardware Discovery slot information

Licensed Internal Code (LIC) update

Enchanced Code Update logic to disallow accept/reject if all components are running on the "wrong" flash side:

o If all components are on the T side, the reject option is grayed out in the GUI, and the "updlic -o j" command will give the following error message:

The reject operation cannot be performed because all components are running on the temporary flash side.

o Likewise, if all components are on the P side, the accept option is grayed out in the GUI, and the "updlic -o c" command will give the following error message:

The accept operation cannot be performed because all components are running on the permanent flash side.

o If there is a mixture of components on the T and P sides, the accept/reject operations can be peformed to the subset of components that are on the correct side for the operation (i.e. those running on T side for accept and those running on P side for reject). In this situation, a message will be displayed to the user asking if they wish to continue.

Enhanced estimated time values.

Amended Code Update to make E302F8A5 an informational log instead of an error log when exceptions are received from lslic command in an effort to determine HMC code update ownership.

Corrected a code update issue where if multiple updates were started at approximately the same time but to different repositories the data from one repository survey could be overwritten by the second.

Corrected code update to support updating of systems that have only one BPC.

Scheduled Operations

Added support to Scheduled Operations for Utility Capacity on Demand (CoD). There are two different scheduled operations for Utility CoD:

Moving Utility CoD processors in/out of the shared processor pool. This swill be accomplished via the chcod command.
Setting the maximum Utility CoD minute usage limit. The idea is that the customer could schedule the setting of this limit on a monthly basis, therefore implementing a monthly Utility CoD minute usage limit. This will be accomplished via the chcod command.

Corrected Scheduled Operations Backup Profile Data to include a --force parameter to always overwrite any pre-existing backup file.

Corrected a problem seen in Dynamic configuration Scheduled Operation View Details. This was an issue that only affects Dynamic Reconfiguration Scheduled Operation that were migrated from the 6.1.2 HMC.

Problem Analysis

Corrected handling of contention for dumps from 2 HMC's to prevent the incorrect HMC from retrieving the dump and multiple call homes for the same error.A serviceable event will be created on one of the HMC's indicating a dump could not be retrieved.

Enhanced Dump Manager to track call home status and problem association. (617124 )
Enhanced SFP Serviceable Event Overview sorting.

Modify serviceable event text for PEL-based events to not include PEL severity information.

Enhanced call home data to include a reference code summary file to provide a more concise, complete, and readable version of the serviceable event data that includes all serviceable events on the HMC.

Amended refcode lookup code to handle the refcode format passed in via the partition view's refcode column that includes the partition as part of the input.

Added a busy/processing window to eServer Registration process interface so that it is apparent that background processing is going on.

Service Agent

Change to handle 9 character refcodes

Corrected a problem with remote session when running with Firefox browser handling password updates and resets

Repair and Verify

Added support to concurrently add a new GX adapter as an upgrade and for the concurrent (cold) repair support for GX Adapters. The adapter must be deconfigured/garded during IPL/reIPL prior to the repair.

Added support for I/O Drawers MTM 7041-SD1, Feature Code 5886, and MTM 7214-1U2. Since these drawers are connected via SAS cables from the I/O adaptors in the server, the HMC will not be able to detect their presence in a configuration. The Repair and Verify procedures will be written to instruct the user to manually interact with the drawer. The procedures for each FRU will be displayed within a browser in HTML format.

Corrected the 5094 exchange procedure graphics to include the locations of the connectors on the card in location C10.

Corrected repair procedure for PCI adapter cards on System I.

Enhanced and/or corrected instructions for Service Processor cable removal.

Enhanced concurrent repair instructions for removable media devices to include quiescent of applications running on operating systems that may be using a removable media device and using operation procedures to manually shut down of all applications and logical partitions.

Enhanced process for exchange of VPD passthru card.

Corrected panel flow for the exchange of the power cables for the 5094.

Corrected/enhanced concurrent and nonconcurrent procedures for the exchange of MMA fans.

Add support to procedures and service guides to handle the IO expansion units G30, 5790, 5796 and 5296.

Clarified the A2 Fan Exchange procedure to instruct the user to replace the Op Panel only if it was removed.

Corrected the way that surveillance errors are logged by the HMC for valid managed systems without an MTMS. Previously, by default RV launched Info Center content. Now the correct isolate procedures will be run.

Corrected the procedure for a MMA fan to be concurrent.

Known Issues in HMC V7R3.2.0

A timing issue exists where 2 panels, using the same set of information, and one panel modifies some data and the other panel knows nothing about the modifications. This situation can result in ‘stale’ data overwriting newer data. The problem will be fixed in a later PTF.
If a HMC is attached to an initialized system without micropartitioning turned on, LPAR profile creation will fail. The workaround is to rebuild the managed system. The problem will be fixed in a later PTF.
A DLPAR ‘Move Memory’ operation will partially fail if the move hits pinned memory. Sometimes the pinned memory is higher than the reported minimum. The amount of memory moved will be some fraction of the amount of memory requested in the move. The error message gives the impression that the whole operation failed. The problem will be fixed in a later PTF.
If a Virtual Ethernet Adapter is added with a VLAN ID of 1, the adapter will show up as missing in the LPAR Properties panel for an AIX partition. The problem will be fixed in a later PTF.
When a customized user logs in, the “tip of the day” panel displays a task error. The problem will be fixed in a later PTF.

Enhancements and Changes in V7R3.1.0

Server and Partition Management:

The most significant and the most noticeable change in the HMC for 7.310 is the move to a new Web-based User Interface both locally and remote. This interface uses a tree style navigation model providing hierarchical views of system resources and tasks using drill-down and launch-in-context techniques to enable direct access to hardware resources and task management capabilities. It provides views of system resources and provides tasks for system administration.

HMC 7.310 can manage both Power5 and Power6 servers.

On Power6 servers the following new features/enhancements have been added.

Support for Host Ethernet Adapter (HEA). An HEA provides each logical partition using the adapter with its own virtual adapter and logical ports. An HEA may be shared between multiple partitions. This provides direct data and control path between the partitions and the adapter, allowing partition-to-partition connectivity.
Partition Availability Priority. This can be used to prevent transient and catastrophic CPU (processor core) failures from resulting in system or partition termination. Total recovery from catastrophic CPU failures will require that a spare processor is or can be made available to replace the failed CPU.
Utility CoD is a new CoD offering for eClipz GA1. It replaces the Reserve CoD offering. Utility CoD is only available for processor resources.
Enhancements to the Dump facilities. These enhancements will reduce unplanned customer outages and improve platform serviceability, by eliminating unneeded and duplicate hardware data from platform system dump, and moving all formatting of dump data to the post-collection analysis phase. This improves dump runtime performance and frees up FSP control store to allow more problem-specific hardware data to be collected.
Shared Pool Usage of Dedicated Capacity. This feature provides the ability for partitions that normally run as “dedicated processor” partitions to contribute unused processor capacity to the shared processor pool.
Customers may use some of the capacity that is formerly locked up in dedicated processor partitions to satisfy peak needs for the shared processor pool without resorting to using utility on-demand processors.
Automatic Call-home for i5/OS partitions
Virtual Server Model Instrumentation. This feature provides a common interface for server system management. Driven by IBM and several other companies, there is an effort to standardize the Virtual Server Model (VS Model) for the server system management, which includes the managed server resource representation and the management service functions. HMC 7.310 contains the first phase of work for HMC to provide the standardized VS Model as the common interface for third parties to manage the server system and their hardware resources.

System Plans:

Automated installation of VIOS into LPAR
Automated provisioning of virtual resources with the VIOS LPAR
Improved capability of creating a system plan from a managed system
Additional import &export capability via HTTPS
Improved System Plan Viewer user controls and details

HMC Command Line:

A new command, dump, has been added. The dump command sets the system dump parameters for a managed system (POWER6 servers only).
The following commands have been added for system plan resource management on the HMC:

defsysplanres - defines a system plan resource
lssysplanres - lists defined system plan resources
rmsysplanres - removes a defined system plan resource

The following commands have been enhanced to support barrier synchronization (POWER6 servers only): chsyscfg, lshwres, lssyscfg, and mksyscfg.
The following commands have been enhanced to support partition availability priorities (POWER6 servers only): chsyscfg, lssyscfg, and mksyscfg.
The following commands have been enhanced to support the new processor sharing mode that allows an active dedicated processor partition to share its unused processors (POWER6 servers only): chhwres, chsyscfg, lshwres, lslparutil, lssyscfg, and mksyscfg.
The following commands have been enhanced to support electronic error reporting for i5/OS partitions (POWER6 servers only): chsyscfg, lssyscfg, and mksyscfg.
The following commands have been enhanced to support processor compatibility modes (POWER6 servers only): chsyscfg, lssyscfg, and mksyscfg.
The following commands have been enhanced to support Host Ethernet Adapters (POWER6 servers only): chhwres, chsyscfg, lshwres, lssyscfg, mksyscfg, and rsthwres.
The following commands have been enhanced to support Utility Capacity on Demand (POWER6 servers only): chcod, lscod, and lslparutil.
The lssyscfg -r prof command to list partition profiles has been changed. The --filter option to specify the partition for which profiles are to be listed is no longer required. Therefore, all partition profiles for all partitions in the managed system can now be listed by issuing lssyscfg -r prof -m <managed system>.
The mksyscfg -r lpar and mksyscfg -r prof commands have been changed. The load_source_slot attribute is no longer required to be specified when creating an i5/OS partition or partition profile on a POWER6 server.
The partition shared_proc_pool_util_auth attribute has been deprecated. It has been replaced by the allow_perf_collection attribute. These two attributes will always have the same value. The commands that use these attributes are chsyscfg, lssyscfg, and mksyscfg.
A new option has been added to the chsysstate command to enable console service functions for an i5/OS partition.
New options have been added to the chhmc command to set the date, time, time zone, and clock type on the HMC.
A new option has been added to the chsvcevent command to close all serviceable events on the HMC.
A new option has been added to the mksysplan command to limit the inventory gathered to just the PCI slot devices.
A new option has been added to the mksysplan command to display verbose output during command processing.
A new option has been added to the lsdump command to list the system dump parameters for a managed system (POWER6 servers only).
The lsdump -h command has been enhanced to display dump offload progress.
The lslic -t power and lslic -t syspower commands have been enhanced to display automatic code download status.
A new option has been added to the lslic command to display Power FRU level and status information.
The dlslic command has been removed. The information that was displayed by the dlslic command is now displayed by the lslic command.
Due to security restrictions in the HMC Web-based user interface, an HTML file containing Terms and Conditions can no longer be presented to users who login locally on the HMC. Instead, a text file containing welcome text can be presented to users who login locally on the HMC. Therefore, the chusrtca command has been changed to no longer support deployment of Terms and Conditions and to support deployment of welcome text instead. If you are upgrading from HMC V6R1 and the display or Terms and Conditions at login is currently enabled on your HMC, then the contents of the UserLicense.html file containing the Terms and Conditions is preserved. After the upgrade is complete, the contents of the UserLicense.html file will exist unchanged in the /opt/hsc/data/license/WelcomeFile.txt file and will be displayed as welcome text to users that login locally on the HMC. You may then want to deploy a new welcome text file that does not contain HTML and that has text that better fits a welcome message.
The lsusrtca command has been deprecated.
To use X11Forwarding on HMC, from the SSH client, run your ssh command with the -Y or set the value of ForwardX11Trusted in your /etc/ssh_config file to yes.
The max_capacity_sys_proc_units and max_capacity_sys_mem attributes displayed by the lshwres command have been deprecated since these values cannot be accurately determined for all managed systems. For partition profiles, the maximum memory value will now be limited to the value 4,294,967,295 (0xFFFFFFFF) MB. The maximum processor values for a partition profile will now be limited to a new value, which is displayed by the new attribute max_procs_per_lpar in the lshwres command.

National Language Support:

Translation language packs are not available at this time. HMC
will release the translation language packs separately at a later

time. In the initial release there are some locale specific issues,

i.e., decimal numbers are not being formatted properly. These
issues will be addressed in the translation language packs.

Known Issues:

Web Browser Requirements

Hardware Management Console web browser support requires

HTML 2.0, JavaScript™ 1.0, Java Virtual Machine (JVM), and
cookie support in browsers that will connect to it. Contact your

support personnel to assist you in determining if your browser

is configured with a Java Virtual Machine. It is required that the
web browser uses the HTTP 1.1 protocol and if you are using a
proxy server, the HTTP 1.1 protocol is enabled for the proxy

connections. Additionally, pop-ups must be enabled for all

Hardware Management Consoles addressed in the browser if

running with pop-ups disabled. The following browsers have

been tested:

Microsoft® Internet Explorer 6.0 or later Note: If this browser is configured to use an internet proxy, then local intranet addresses should be included in the exception list, consult your network administrator for more information. If you still need to use the proxy to get to the Hardware Management Console, enable Use HTTP 1.1 through proxy connections under the Advanced tab in your Internet Options window.

Firefox 1.5.0.6 or later.

Note: For Firefox 2.0 make sure the JavaScript options to
raise or lower windows and move or resize existing windows
are enabled. To enable these options, go to the Content tab in
the browser’s Options dialog, click Advanced... next to the
Enable JavaScript option, then select Raise or lower
windows option (a check mark appears) and Move or resize
existing windows option (a check mark appears). These
features allows you to switch easily between HMC tasks.

Other Web Browser Considerations

Session cookies need to be enabled in order for ASMI to work when connected to HMC remotely. The asm proxy code saves session information and uses it.

Using Internet Explorer

1. Select Tools -> Internet Options

2. Select Privacy tab and select 'Advanced'.

3. Check if 'Always allow session cookies'

4. If not checked, check 'Override automatic cookie handling' and check 'Always allow session cookies'

5. You can choose how you want to handle First-party Cookies and Third-party Cookies, block or prompt or accept. (prompt is preferred in which case you will be prompted every time a site tries to write cookies. It may be a little annoying, but it is the safe thing to do. Some sites need to be allowed to write cookies)

Using Firefox

1. Tools -> Options

2. Select Cookies Tab

3. Select check box Allow sites to set cookies.

4. If you want to allow only specific sites then select 'Exceptions' and then you can just add this HMC to allow.

Other Issues

The HMC now reserves the first ten virtual adapter slots on each VIOS (Virtual I/O Server) partition for internal HMC use.

Configuration rules:

1. The maximum Virtual I/O Slot Number should be set to (at least) 10 plus the number of virtual I/O slots desired by the customer.

Note that setting the maximum higher is OK, the danger is setting it too low. Setting it below 10 will cause a compatibility issue with newer levels of HMC code. Excess virtual slots use a small amount of additional memory, but otherwise have no impact.

2. All customer virtual I/O slots (virtual SCSI, virtual Ethernet or virtual serial) must use virtual slot IDs 11 or greater.

3. The VASI adapter (used by the Mobile Partition function) must be assigned to virtual slot ID 2.

When using the updhmc command with the -i flag, input echo is not restored when the command finishes. You can use the CTRL-D key to logoff then log back in.

Licenced Internal Code (LIC) update

A new task was added which allows the user to ensure that the system has no errors which will prevent Licensed Internal Code update from working correctly. This new task is invoked by selecting "Check System Readiness" from the Updates task selection list or using the "-o k" parameter of the updlic command.
A new task was added which allows the user to view system information without entering a "change" task. This new task is invoked by selecting "View System Information" from the Updates task selection list.
The restricted-access dlslic command was removed. Equivalent capability was added to the lslic command. For more details, see the command line section of the readme.

Security Fixes:

CAN-2003-0989	tcpdump remote DOS
CAN-2003-0190	OpenSSH: info leak issue
CAN-2004-0078	mutt remote buffer overflow
CAN-2004-0110	libxml2 URI Parsing Remote Buffer Overflow
CAN-2004-0109 CAN-2004-0181	Kernel ISO9660/JFS local privilege escalation, info leak
CAN-2004-0183	tcpdump ISAKMP remote DOS
CA-2005-35	SSH Protocol 1 Weakness and Vulnerability
CAN-2004-0427 CAN-2004-0424 CAN-2004-0229 CAN-2004-0228 CAN-2004-0394	Kernel privilege escalation, local DoS
CAN-2004-0554	Kernel "__clear_fpu()" Macro local DoS
CAN-2004-0523	kerberos aname_to_localname remote root compromise
CVE-2004-0493	Input Header Memory Allocation Denial of Service
CVE-2004-0488	Apache mod_ssl FakeBasicAuth Buffer overflow
CVE-2004-0747 CVE-2004-0748 CVE-2004-0751 CVE-2004-0786 CVE-2004-0809	Apache 2 Multiple Denial of Service
CVE-2004-0942	Apache MIME Header Memory Consumption
CAN-2004-0460 CAN-2004-0461 VU#317350 VU#654390	dhcp-server: remote system compromise
CVE-2002-1363	libpng remote DoS
CAN-2004-0590	Certificate chain authentication in Openswan pluto
CAN-2004-0649	L2tpd: remote execution of arbitrary files w/ privs of l2tpd user
VU#388984 VU#236656 VU#160448 VU#477512 VU#817368 VU#286464 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599	libpng: multiple vulnerabilities
CAN-2004-0415	Kernel: local privilege escalation, race condition in file offset pointer handling
VU#550464 CAN-2004-0644	krb5: remote unauthenticated DoS
CAN-2004-0817	imlib: local execution via heap overflow
CAN-2004-0687 CAN-2004-0688	xf86: multiple buffer overflows with malformed xpm images
CAN-2004-0966	gettext: Insecure temporary file handling
CAN-2004-0804 CAN-2004-0886	tiff: Buffer overflows in image decoding
CAN-2004-0884	Cyrus-sasl2: (ver2.1.7)Insecure handling of environment variable
CAN-2004-0971	krb5: krb5-workstation: Possible symlink attack, priv escalation via temproary file mishandling
CAN-2004-0989	libxml: remote code execution, buffer overflow
CVE-2004-0079	Openssl vulnerability
CAN-2004-0975	Openssl: possible symlink attack via temp file mishandling
SUSE-SA:2004:041	xf86: SuSE security updates for libxpm
CAN-2004-0782	imlib: xpm security updates in imlib
CAN-2004-1010	zip: buffer overflow in info-zip when using recursive folder compression
CAN-2004-1308	tiff: multiple buffer overflows
CAN-2004-0986	iptables: variable init failure can cause failure to load firewall rules
CAN-2004-0883 CAN-2004-0949 CAN-2004-1070 CAN-2004-1071 CAN-2004-1072 CAN-2004-1073 CAN-2004-1074	Kernel update for multiple local and remote DoS vulnerabilities
CAN-2004-0079 CAN-2004-0112	OpenSSL remote DOS
CVE-2006-2937 CVE-2006-2940 CVE-2006-2969 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343	OpenSSL vulnerability
CAN-2005-0155 CAN-2004-0452 CAN-2005-0077	Perl: Security update to address two priv escalation and a buffer overflow condition
CAN-2005-0449 CAN-2005-0209 CAN-2005-0529 CAN-2005-0530 CAN-2005-0532 CAN-2005-0384 CAN-2005-0210 CAN-2005-0504 CAN-2004-0814 CAN-2004-1333 CAN-2005-0003	Updates for multiple issues on 2.4-2.6.11 kernels
CAN-2005-1993	sudo: vulnerabilities allow execution of arbitrary commands
CAN-2005-1267 CAN-2005-1278 CAN-2005-1279 CAN-2005-1280	tcpdump: fix for several DOS vulnerabilities
CAN-2005-1151 CAN-2005-1152 CAN-2005-1349 CAN-2005-0103 CAN-2005-0104 CAN-2005-1455 CAN-2005-1454 CAN-2004-1456 - CAN-2004-1470	tiff: buffer overflow allows execution of arbitrary code
CAN-2005-0109	OpenSSL update
CAN-2005-2969	OpenSSL fix for potential SSL 2.0 Rollback vulnerability
CVE-2001-0572	SSHv1 Protocol Available
CVE-2004-0175	OpenSSH SCP Client File Corruption Vulnerability
CVE-2006-0225	OpenSSH scp remote attack vulnerability
CVE-2006-4924 CVE-2006-4925	Open SSH vulnerability
CVE-2006-5051	Open SSH vulnerability not applicable to HMC due to GSSAPI being disabled
CVE-2006-5794	Open SSH vulnerability
CVE-2006-0058	Sendmail remote code execution
CVE-2006-1721	Cyrus-sasl remote denial of service
CVE-2006-2024 CVE-2006-2025 CVE-2006-2026	Libtiff: various denial of service attacks
CVE-2005-3352 CVE-2005-3357	Apache2 cross site scripting in mod_imap and mod_ssl
CVE-2006-0455	Gpg remote execution by signature checking
CVE-2005-3353 CVE-2005-3389 CVE-2005-3390 CVE-2005-3391 CVE-2005-3392 CVE-2005-3883	Multiple vulnerabilities in php4
CVE-2005-2970	Apache2 worker memory leak
CVE-2005-2974 CVE-2005-3350	Libungif denial of service attack/buffer overflow
CVE-2005-2959	Sudo environment cleaning privilege escalation vulnerability
CAN-2005-2491	PCRE: Integer overflow vulnerability
CVE-2005-3119 CVE-2005-3179 CVE-2005-3180 CVE-2005-3181	Kernel potential denial of service and information disclosure
CAN-2005-2797 CAN-2005-2798	OpenSSH: fixes to prevent escalation of privileges and bypass certain security restrictions
CVE-2005-2876	Util-linux umount “-r” Re-Mounting security issue
CAN-2005-2495	Xf86: Fix remote command execution
CAN-2005-2491 CAN-2005-2700 CAN-2005-2728	Apache2: Security fixes
CAN-2005-1761 CAN-2005-1768 CAN-2005-2500	Kernel: Various Security Fixes
CAN-2005-2452	Tiff: Vulnerability allows DOS attack due to divide by zero error
CAN-2005-2177	Net-snmp remote attack vulnerability
CAN-2005-0448	Perl vulnerabilities
CAN-2005-0758 CAN-2005-0988 CAN-2005-1228 CAN-2005-1260 CAN-2005-0953	Bzip2 vulnerability
CAN-2004-1189	Krb5 multiple security issues
CAN-2005-1849 CAN-2005-2096	Zlib buffer overflow
CAN-2005-2088 CAN-2005-1268	Apache2: fix for multiple vulnerabilities
CVE-2005-2970	Apache2: memory leak
CVE-2005-3357	Apache2 Cryptographic problem
CVE-2006-3747	Apache2: Off-by-one error in the ldap scheme handling in the Rewrite module
CVE-2006-3918	Apache2 vulnerability
CVE-2005-2728	Apache Byte Range Denial of Service
CAN-2004-1453 CAN-2004-0968 CAN-2004-1382	Glibc: Infoleak and symlink attack vulnerabilities
CAN-2005-1111 CAN-2005-1229	Cpio directory traversal and privilege escalation
CAN-2005-0605	Xf86: libXPM integer overflow
CAN-2004-0970	Gzip: temporary file mishandling
CAN-2005-0160 CAN-2005-0161 CAN-2005-0961	telnet: ENV buffer overflow
CAN-2005-1704	Binutils vulnerabilities
CAN-2005-1993	Sudo: race condition
CAN-2005-0373	Cyrus-sasl, cyrus-sasl2 remote code execution
CVE-2005-0916 CVE-2005-2456 CVE-2005-2457 CVE-2005-2458 CVE-2005-2555 CVE-2006-0554 CVE-2006-0555 CVE-2006-0557 CVE-2006-0744 CVE-2006-1055 CVE-2006-1056 CVE-2006-1242 CVE-2006-1523 CVE-2006-1524 CVE-2006-1525 CVE-2006-1527 CVE-2006-1528 CVE-2006-1857 CVE-2006-1858 CVE-2006-1863 CVE-2006-1864 CVE-2006-2271 CVE-2006-2272 CVE-2006-2274 CVE-2006-2444 CVE-2006-2448 CVE-2006-2451 CVE-2006-2934 CVE-2006-2935 CVE-2006-3085 CVE-2005-3180 CVE-2006-3468 CVE-2006-3626 CVE-2006-3745 CVE-2006-4093 CVE-2006-4145 CVE-2006-4813 CVE-2006-4997 CVE-2006-5757 CVE-2006-5823 CVE-2006-6053 CVE-2006-2274 CVE-2006-2444 CVE-2006-2448 CVE-2006-2451 CVE-2006-2934 CVE-2006-2935 CVE-2006-3085 CVE-2005-3180 CVE-2006-3468 CVE-2006-3626 CVE-2006-3745 CVE-2006-4093 CVE-2006-4145 CVE-2006-4813 CVE-2006-4997 CVE-2006-5757 CVE-2006-5823 CVE-2006-6053	Kernel Vulnerabilities