vom-Patch-7.1.0.600
Obsolete
The latest patch(es) : vom-Patch-7.1.0.800 

 Basic information
Release type: Patch
Release date: 2017-03-13
OS update support: None
Technote: None
Documentation: None
Popularity: 754 viewed    downloaded
Download size: 523.12 MB
Checksum: 1206481312

 Applies to one or more of the following products:
Operations Manager 7.1.0.0 On AIX
Operations Manager 7.1.0.0 On Linux
Operations Manager 7.1.0.0 On Solaris 10 SPARC
Operations Manager 7.1.0.0 On Solaris 10 X64
Operations Manager 7.1.0.0 On Solaris 11 SPARC
Operations Manager 7.1.0.0 On Solaris 11 X64
Operations Manager 7.1.0.0 On Windows x64

 Obsolete patches, incompatibilities, superseded patches, or other requirements:

This patch is obsolete. It is superseded by: Release date
vom-Patch-7.1.0.800 2017-06-22
vom-Patch-7.1.0.700 (obsolete) 2017-05-19

This patch supersedes the following patches: Release date
vom-Patch-7.1.0.500 (obsolete) 2016-11-29
vom-Patch-7.1.0.400 (obsolete) 2016-10-28
vom-Patch-7.1.0.300 (obsolete) 2016-09-30
vom-Patch-7.1.0.200 (obsolete) 2016-09-16
vom-Patch-7.1.0.100 (obsolete) 2016-08-25

 Fixes the following incidents:
3874671, 3875074, 3876741, 3876961, 3878021, 3878874, 3879128, 3879219, 3879635, 3880002, 3880298, 3880516, 3880720, 3880970, 3882240, 3882353, 3889533, 3890097, 3891147, 3891425, 3894201, 3894318, 3894849, 3895769, 3896106, 3898053, 3898907, 3900221, 3901049, 3902456, 3903305, 3903675, 3903678, 3906365, 3906937, 3908919, 3911174

 Patch ID:
None.

Readme file
                          * * * READ ME * * *
               * * * Veritas Operations Manager 7.1 * * *
                         * * * Patch 600 * * *
                         Patch Date: 2017-03-10


This document provides the following information:

   * PATCH NAME
   * OPERATING SYSTEMS SUPPORTED BY THE PATCH
   * PACKAGES AFFECTED BY THE PATCH
   * BASE PRODUCT VERSIONS FOR THE PATCH
   * SUMMARY OF INCIDENTS FIXED BY THE PATCH
   * DETAILS OF INCIDENTS FIXED BY THE PATCH
   * INSTALLATION PRE-REQUISITES
   * INSTALLING THE PATCH
   * REMOVING THE PATCH


PATCH NAME
----------
Veritas Operations Manager 7.1 Patch 600


OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
AIX 6.1 ppc
AIX 7.1 ppc
AIX 7.2
RHEL6 x86-64
RHEL7 x86-64
SLES11 x86-64
SLES12 x86-64
Solaris 10 SPARC
Solaris 10 X86
Solaris 11 SPARC
Solaris 11 X86
Windows Server 2012 R2 X64
Windows 2012 X64
Windows Server 2008 R2 X64
Windows 2008 X64



BASE PRODUCT VERSIONS FOR THE PATCH
-----------------------------------
   * Veritas Operations Manager 7.1.0.0


SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch ID: vom-HF0710600
* 3874671 (3877660) Audit events are logged 6 hours different to the actual event time.
* 3875074 (3910932) Intermittent issues with RVG not being visible in VIOM.
* 3876741 (3877426) 'Operation in Progress' while doing Enclosure un-configuration.
* 3876961 (3889392) vbs is getting offline and reconfigured repeatedly
* 3878021 (3889402) VOM is spawning multiple perl.exe perl.bin
* 3878874 (3889597) Removing the pagination for VCS logs wizard
* 3879128 (3881253) Solaris Logical Domains are not visible under Virtualization
Perspective.
* 3879219 (3898018) Kernel message: program vxdclid is using a deprecated SCSI
ioctl, please convert it to SG_IO.
* 3879635 (3889903) CP7 does not report as installed properly.
* 3880002 (3879999) Web server crash due to policy check rescans.
* 3880298 (3889400) VBS resource dependency was removed on VOM GUI after a AppHA server reboot.
* 3880516 (3889763) After at_migration.pl on VIOM CMS getting error V-394-4095-803
that 'You are not authorized to perform this action'.
* 3880720 (3880927) OpenSSL security vulnerabilities CVE-2016-21**
* 3880970 (3900930) VIOM Windows CMS unable to send alert e-mails and putting them in spool directory.
* 3882240 (3892026) Wrong output in Performance View for CPU Utilization for AIX MH.
* 3882353 (3897958) xprtld goes in maintenance state after rebooting Solaris Managed Host.
* 3889533 (3896534) API for disk/volume not showing data
* 3890097 (3896540) Create Volume operation failing.
* 3891147 (3892217) sfha6.2.1.100 patch was not recognized after install llt/gab patches.
* 3891425 (3893702) Tomcat Fileupload (CVE-2016-3092) vulnerability in VIOM.
* 3894201 (3898851) VIOM is not able to discover multi-paths for Netapp C-MODE Disks.
* 3894318 (3900764) Disable the use of TLSv1.0 protocol for port 5634 vulnerability.
* 3894849 (3894848) GUI log in fails with error "Server is unreachable. Please try
again after some time.
* 3895769 (3895914) Veritas Infoscale Operations Manager Vulnerabilities.
* 3896106 (3904372) On Windows, sfhbaapp.exe fails to discover Disk capacity 2TB or more and crashes.
* 3898053 (3903111) After upgrade unable to view replication status and intermittent view of RVG links
on Linux agents.
* 3898907 (3899549) Veritas Resiliency Platform Enablement Addon failed to get installed on Solaris Managed 
Host
* 3900221 (3902093) DRL in volume properties does not show as 'On' even if we create mirror 
volume with DRL
* 3901049 (3902091) Alert email received time is incorrect in Gmail.
* 3902456 (3902863) Service Group online times out is 180 sec, it should be 300 sec.
* 3903305 (3905193) Unable to view the rules from the management console in VOM for
modification/updation/deletion after it is created.
* 3903675 (3901336) Concurrency violation is observed for web resource and HF installation fails for
VIOM CMS HA
* 3903678 (3901336) Concurrency violation is observed for web resource and HF installation fails for
VIOM CMS HA
* 3906365 (3912854) Windows bluescreen with xprtld.exe
* 3906937 (3907173) "No rows to display" was showed on "Packages" tab on "Server"
* 3908919 (3909047) Check_vvr_health funcction in S7nrvvr.pm does not work for Solaris 
managed hosts.
* 3911174 (3913083) Qualys Scan reported Vulnerability "SSL Certificate - Subject
Common Name Does Not Match Server FQDN".


DETAILS OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
This patch fixes the following incidents:

Patch ID: vom-HF0710600

* 3874671 (Tracking ID: 3877660)

SYMPTOM:
Audit Events have difference of 6 hours as compare to actual event time.

DESCRIPTION:
Time for the audit event is less than six hours to actual event time.

RESOLUTION:
The difference of +6 hours time is because PostgreSQL patch is
missing and postgreSQLs
/opt/VRTSsfmcs/pgsql/share/postgresql/timezone/Europe/Moscow is
having this issue. Fixed the Moscow time zone.

* 3875074 (Tracking ID: 3910932)

SYMPTOM:
Sometimes you may see that RVGs on the servers go missing. RVGs do not
come back even after refresh of hosts.

DESCRIPTION:
When RVGs are under VCS Service Groups control and SGs on
offline/online or switch to another node, you may see that sometimes RVGs are not
visible in VIOM GUI.

RESOLUTION:
Fix to handle discovery and deletion of RVGs.

* 3876741 (Tracking ID: 3877426)

SYMPTOM:
Unconfigure Device windows shows 'Operation in Progress' for long time.

DESCRIPTION:
While performing unconfiguration of an enclosure, you may see
Unconfigure Device windows shows 'Operation in Progress' for long time.

RESOLUTION:
Fixed the broken DB Stored Procedure.

* 3876961 (Tracking ID: 3889392)

SYMPTOM:
vbs is getting offline and reconfigured repeatedly

DESCRIPTION:
Suspecting that sometime database query to fetch the vbs configured host not
return any data

RESOLUTION:
Added the fix to re-execute the query after 10 sec if no data return previously

* 3878021 (Tracking ID: 3889402)

SYMPTOM:
VOM is spawning multiple perl.exe perl.bin

DESCRIPTION:
VOM is spawning multiple perl.exe perl.bin , it is observed that vbsdeploy -verify
& vbsdeploy -deploy process does not exits sometime

RESOLUTION:
Added preventive fix in VOM to exits vbsdeploy -verify process after 30 sec and
vbsdeploy -deploy if these process did not exits
actual fix is provided in private vbsdeploy.pl script

* 3878874 (Tracking ID: 3889597)

SYMPTOM:
Even though 200 lines of logs are showing on single page wizard , pagination is
showing for wizard

DESCRIPTION:
Even though 200 lines of logs are showing on single page wizard , pagination is
incorrectly showing for wizard.
Logs are populated from file and not from databases, in VOM framework pagination
feature is not implemented for data populated from file

RESOLUTION:
Removing the pagination , we are showing logs on single page

* 3879128 (Tracking ID: 3881253)

SYMPTOM:
Do not see Solaris Logical Domains under Virtualization Perspective.

DESCRIPTION:
After adding Logical Domains to VIOM; it is not visible under
Virtualization Perspective due to length of the hostid of Oracle T4-1B blade server.

RESOLUTION:
Converted hostid from numeric to string by prefixing 'hid'.

* 3879219 (Tracking ID: 3898018)

SYMPTOM:
Kernel message appears when execute 'vxlist' command on Linux server.

DESCRIPTION:
Kernel message like 'program vxdclid is using a deprecated SCSI ioctl, please
convert it to SG_IO' when execute 'vxlist' command on Linux server.

RESOLUTION:
Issue was in gvdid shared library while matching kernel version. Fixed the version
matching issue.

* 3879635 (Tracking ID: 3889903)

SYMPTOM:
VOM GUI reporting that the CP7 is partially installed.

DESCRIPTION:
VOM GUI reporting that the CP7 is partially installed.

RESOLUTION:
Return correct CP status for each CP. On SFW 6.0.1 when multiple CP's
are installed, script was returning partially installed status even if CP is
installed properly.

* 3880002 (Tracking ID: 3879999)

SYMPTOM:
Not able to run policy check scans.

DESCRIPTION:
If policy check scans are run, this causes the web server to crash.

RESOLUTION:
Replaced threads based policy check scans by quartz based scheduler.

* 3880298 (Tracking ID: 3889400)

SYMPTOM:
VBS resource dependency was removed on VOM GUI after a AppHA server reboot.

DESCRIPTION:
It looks like that after guest is rebooted , discovery failed to get the
Application configuration in app.conf file and delete all the objects.
Added the fix to not delete the ApplicationHA configuration

RESOLUTION:
Added the fix to not delete the ApplicationHA configuration.

* 3880516 (Tracking ID: 3889763)

SYMPTOM:
You can not perform any operation on MHs.

DESCRIPTION:
There are multiple issues
1. Sometimes java.exe process is not killed on Windows CMS.
2. Changed location of 'SystemDefaultTrustDirectory' on Windows MHs.
3. Issues in migration when CMS is Windows and MHs are UNIX.

RESOLUTION:
1. Killing java.exe process forcefully.
2. Using correct location of 'SystemDefaultTrustDirectory'.
3. Modified at_migration.pl so that when this is pushed to UNIX MHs, does not face
execution issue.

* 3880720 (Tracking ID: 3880927)

SYMPTOM:
OpenSSL security vulnerabilities CVE-2016-21**

DESCRIPTION:
OpenSSL security vulnerabilities CVE-2016-21**

RESOLUTION:
Upgraded OpenSSL version to 1.0.2h

* 3880970 (Tracking ID: 3900930)

SYMPTOM:
VIOM CMS running on Windows server stops sending alert emails and put them in
spool directory.

DESCRIPTION:
If there are large number of events/alerts are getting generated, VIOM CMS running
on Windows server stops sending alert emails and put them in spool directory.

RESOLUTION:
Processing emails for event generation in batches.

* 3882240 (Tracking ID: 3892026)

SYMPTOM:
Performance View for CPU Utilization for AIX MH sometimes wrongly shows 100% spikes.

DESCRIPTION:
Performance View for CPU Utilization for AIX MH sometimes wrongly shows 100% spikes.

RESOLUTION:
Corrected parsing logic of vmstat CLI output to correctly compute CPU Utilization.

* 3882353 (Tracking ID: 3897958)

SYMPTOM:
On Solaris MH, xprtld process does not get started after server reboot.

DESCRIPTION:
Due to some service dependency issue, xprtld service does not get started and goes
in maintenance state after Solaris MH reboot.

RESOLUTION:
Fixed services dependencies.

* 3889533 (Tracking ID: 3896534)

SYMPTOM:
API showing error when disk/volume information is queried.

DESCRIPTION:
VIOM API when executed via host > diskgroups, does not show information on
upgraded
VIOM CS from VIOM 7.0 to VIOM 7.1

RESOLUTION:
Corrected columns required for disk/volume API to show output properly

* 3890097 (Tracking ID: 3896540)

SYMPTOM:
Create volume operation wizard shows blank page

DESCRIPTION:
Create Volume wizard shows blank page when operation is launched on host having SF
with patch

RESOLUTION:
Corrected SF version check to allow operation on host with SF patch installed

* 3891147 (Tracking ID: 3892217)

SYMPTOM:
sfha6.2.1.100 patch was not recognized after install llt/gab patches.

DESCRIPTION:
Some SFHA patches were not getting recognized by VIOM after you install llt/gab
patches.

RESOLUTION:
Fixed the script to recognize sfha6.2.1.100 patch.

* 3891425 (Tracking ID: 3893702)

SYMPTOM:
Tomcat Fileupload (CVE-2016-3092) vulnerability in VIOM.

DESCRIPTION:
commons-fileupload.jar version 1.3.1 is affected with CVE-2016-3092
vulnerability.

RESOLUTION:
Upgraded commons-fileupload.jar to version 1.3.2

* 3894201 (Tracking ID: 3898851)

SYMPTOM:
VIOM GUI does not show all paths for Netapp C-MODE Disks attached to Servers.

DESCRIPTION:
VIOM GUI does not show all paths for Netapp C-MODE Disks attached to Servers.

RESOLUTION:
Made changes in gvdid to discover multi paths for Netapp C-MODE Disks. The fix is
available for AIX, Linux and Windows only.

* 3894318 (Tracking ID: 3900764)

SYMPTOM:
TLS is capable of using a multitude of ciphers (algorithms) to create 
the public and private key pairs. For example if TLSv1.0 uses either the RC4
stream cipher, or a block cipher in CBC mode. RC4 is known to have biases and
the
block cipher in CBC mode is vulnerable to the POODLE attack.

DESCRIPTION:
TLS is capable of using a multitude of ciphers (algorithms) to create 
the public and private key pairs. For example if TLSv1.0 uses either the RC4
stream cipher, or a block cipher in CBC mode. RC4 is known to have biases and
the
block cipher in CBC mode is vulnerable to the POODLE attack.
TLSv1.0, if configured to use the same cipher suites as SSLv3, includes a 
means by which a TLS implementation can downgrade the connection to SSL v3.0,
thus
weakening security.

RESOLUTION:
There is now option to disable the use of TLSv1.0 protocol in favor of a
cryptographically stronger protocol such as TLSv1.2.


To disable TLSv1.0 in VIOM, you should apply this patch to CMS and to all MHs.
If you have some older version MHs, please upgrade them to 7.1 and apply the
patch.

Then, follow below steps to disable TLSv1.0 after applying the patch.

1. Windows CMS
a) Open C:\ProgramData\Symantec\VRTSsfmcs\sec\systemprofile\VRTSatlocal.conf
   Set value of "AllowTLSV1"=dword:00000000
   Save and close the conf file.

b) Open C:\ProgramData\Symantec\VRTSsfmh\sec\systemprofile\VRTSatlocal.conf
   Set value of "AllowTLSV1"=dword:00000000
   Save and close the conf file.

c) Restart AT and XPRTLD
   cd C:\Program Files\Veritas\VRTSsfmcs\bin
   vomsc --stop at
   vomsc --stop xprtld
   vomsc --start at
   vomsc --start xprtld

2. Linux CMS
a) Open /var/opt/VRTSsfmcs/sec/root/.VRTSat/profile/VRTSatlocal.conf
   Set value of "AllowTLSV1"=dword:00000000
   Save and close the conf file.

b) Open /var/opt/VRTSsfmh/sec/root/.VRTSat/profile/VRTSatlocal.conf
   Set value of "AllowTLSV1"=dword:00000000
   Save and close the conf file.

c) Restart AT and XPRTLD
   cd /opt/VRTSsfmcs/bin
   ./vomsc --stop at
   ./vomsc --stop xprtld
   ./vomsc --start at
   ./vomsc --start xprtld

* 3894849 (Tracking ID: 3894848)

SYMPTOM:
Login in VIOM GUI fails when login with LDAP user.

DESCRIPTION:
When login with LDAP user in VIOM GUI, you see error "Server is
unreachable. Please try again after some time". When you refresh the browser, you
see that login is success.

RESOLUTION:
Increased the login page time out.

* 3895769 (Tracking ID: 3895914)

SYMPTOM:
1. VULNERABILITY: Remote Command Execution via VIOM.
2. VULNERABILITY: Unauthenticated Blind SQL Injection via VIOM.

DESCRIPTION:
1. VULNERABILITY: Remote Command Execution via VIOM
- An authenticated, unprivileged user can execute arbitrary commands as root
using remote 
command injection.  This can lead to full compromise of the system.

2. VULNERABILITY: Unauthenticated Blind SQL Injection via VIOM
- An unauthenticated user can execute arbitrary commands using SQL injection. On
Linux 
this command runs as an unprivileged user.  On Windows this command runs as SYSTEM.

RESOLUTION:
1. VULNERABILITY: Remote Command Execution via VIOM
- VIOM scripts have been fixed to not allow command execution from unauthorized
users.

2. VULNERABILITY: Unauthenticated Blind SQL Injection via VIOM
- VIOM scripts have been fixed to not allow Blind SQL Injection.

* 3896106 (Tracking ID: 3904372)

SYMPTOM:
sfhbaapp.exe crashes or can not discover disks having capacities 2TB or more.

DESCRIPTION:
sfhbaapp.exe crashes or can not discover disks having capacities 2TB or more.

RESOLUTION:
Discovering disks capacities of such disks using WMI.

* 3898053 (Tracking ID: 3903111)

SYMPTOM:
On Linux Agents, you may not view replication status and intermittent view of RVG
links.

DESCRIPTION:
On Linux OS 7.2 or above, you may not view replication status and intermittent
view of RVG links due to incompatible library.

RESOLUTION:
Updated the library on Linux OS 7.2 and above.

* 3898907 (Tracking ID: 3899549)

SYMPTOM:
Veritas Resiliency Platform Enablement Addon failed to get installed on Solaris Managed 
Host 
because the hostguid of Managed Host is changed.

DESCRIPTION:
Veritas Resiliency Platform Enablement Addon failed to get installed on Solaris Managed 
Host 
because the hostguid on Managed Host is changed. So also, there was duplicate entry of 
the 
Managed Host in addon deployment view.

RESOLUTION:
Corrected logic of regeneration of hostguid logic to consider if all the MAC ids are changed. 
Corrected VCS discovery to report the hostguid which is reported by HOST discovery, to 
avoid 
duplicate entry in addon deployment view.

* 3900221 (Tracking ID: 3902093)

SYMPTOM:
For mirror plexes volume if DRL is set as on the it is not shown in UI.

DESCRIPTION:
VOM doesn't shows DRL property in UI even if it is on for mirror plexes.

RESOLUTION:
Removed earlier code which was checking DRL only for DCO volumes. Added code 
such that it checks DRL property for simple mirror plexes as well as DCO volumes.

* 3901049 (Tracking ID: 3902091)

SYMPTOM:
if vom server and mail server are in two different time zone, then alert email are not 
received at correct time of mail server zone.

DESCRIPTION:
email recieved time at mail server side is different if vom server and mail server 
are in two different time zone.

RESOLUTION:
Added time zone to email header to specify the time zone.

* 3902456 (Tracking ID: 3902863)

SYMPTOM:
Service Group online times out is 180 sec.

DESCRIPTION:
Service Group online times out is 180 sec, it should be 300 sec.

RESOLUTION:
Increased timeout value from 180 sec to 300 sec.

* 3903305 (Tracking ID: 3905193)

SYMPTOM:
Rules created in VIOM go disappear.

DESCRIPTION:
If there are large number of OEs are created in VIOM, then you may not view the
rules created.

RESOLUTION:
Fixed the GUI view to show the rules.

* 3903675 (Tracking ID: 3901336)

SYMPTOM:
1. When VCS web resource for VIOM tries to online on both the nodes, concurrency
violation is observed
2. HF installation fails on second node of VIOM CMS HA and Database resource
fails to come to online state.

DESCRIPTION:
1. VCS web resource for VIOM starts on both the nodes of the cluster, resulting
in concurrency violation.

2. HF installation fails on second node of VIOM CMS HA , resulting in Database
resource to come to online state.

RESOLUTION:
1.The  DOMAIN_MODE is set to to false on the slave node as soon as xprtld
process gets restarted during the upgrade process, thereby ensuring that the DB
comes online after the HF installation
2.Removed the code to check for virtual IP address dependencies which used to
earlier start the web service on second node of the cluster

* 3903678 (Tracking ID: 3901336)

SYMPTOM:
1. When VCS web resource for VIOM tries to online on both the nodes, concurrency
violation is observed
2. HF installation fails on second node of VIOM CMS HA and Database resource
fails to come to online state.

DESCRIPTION:
1. VCS web resource for VIOM starts on both the nodes of the cluster, resulting
in concurrency violation.

2. HF installation fails on second node of VIOM CMS HA , resulting in Database
resource to come to online state.

RESOLUTION:
1.The  DOMAIN_MODE is set to to false on the slave node as soon as xprtld
process gets restarted during the upgrade process, thereby ensuring that the DB
comes online after the HF installation
2.Removed the code to check for virtual IP address dependencies which used to
earlier start the web service on second node of the cluster

* 3906365 (Tracking ID: 3912854)

SYMPTOM:
system crashes with blue screen

DESCRIPTION:
Windows bluescreen with xprtld.exe

RESOLUTION:
remove csrss.exe from being killed by VIOM.

* 3906937 (Tracking ID: 3907173)

SYMPTOM:
packages tab is empty in server perspective.

DESCRIPTION:
packages are not displayed in packages tab.

RESOLUTION:
made changes in packages discovery for solaris platform

* 3908919 (Tracking ID: 3909047)

SYMPTOM:
Heath status for vvr link is not displayd

DESCRIPTION:
Check_vvr_health funcction in S7nrvvr.pm does not work for Solaris managed 
hosts.

RESOLUTION:
made changes agentlet to handle same for sol11

* 3911174 (Tracking ID: 3913083)

SYMPTOM:
Qualys scan reports vulnerability that "SSL Certificate - Subject Common
Name Does Not Match Server FQDN".

DESCRIPTION:
Qualys scan reports "Subject Common Name Does Not Match Server FQDN"
vulnerability for localhost certificate.

RESOLUTION:
Added Subject Alternative Name "DNS" entry in localhost certificate.



INSTALLING THE PATCH
--------------------
IMPORTANT NOTE : Please take a backup of the database using the instructions given in the Admin guide before installing this Hotfix.

This Hotfix is applicable for VOM 7.1 Managed Hosts as well as VOM 7.1 Management Server.


1. Download the file vom-7.1.0.600.sfa
2. Launch a browser and login to the VIOM management server.
3. Navigate to Settings ->              Deployment Icon.
4. Upload the Hotfix to the VIOM CMS using the "Upload Solutions" button.
   The Hotfix vom-7.1.0.600 should be visible in the Hot Fixes tree node.
5. Please install this Hotfix on CS using the following instructions:
    - Go to Settings ->             Deployment ->             Hot Fixes ->             Veritas Infoscale Operations Manager Managed Host.
    - Click on Hot Fixes Tab. Click on Applicable Hosts Tab.
    - Right click on CS Name and click on Install.


REMOVING THE PATCH
------------------
Un-installation and rollback of this Hotfix is supported only on Solaris 10 and AIX platforms.


SPECIAL INSTRUCTIONS
--------------------
NONE


OTHERS
------
NONE