README VERSION : 1.1
README CREATION DATE : 2021-02-19
PATCH-ID : vom-HF0742300
PATCH NAME : vom-742-Update2
BASE PACKAGE NAME : VRTSfmh
BASE PACKAGE VERSION : Veritas Operations Manager 7.4.2.0
SUPERSEDED PATCHES : vom-HF0742200
REQUIRED PATCHES : NONE
INCOMPATIBLE PATCHES : NONE
SUPPORTED PADV : aix, aix71, aix72, rhel6_x86_64, rhel7_x86_64, rhel8_x86_64, sles11_x86_64, sles12_x86_64, sles15_x86_64, sol11_sparc, sol11_x86, w2k12r2X64, w2k16X64, w2k19X64
(P-PLATFORM , A-ARCHITECTURE , D-DISTRIBUTION , V-VERSION)
PATCH CATEGORY : MH
PATCH CRITICALITY : OPTIONAL
HAS KERNEL COMPONENT : NO
ID : NONE
REBOOT REQUIRED : NO
REQUIRE APPLICATION DOWNTIME : NO
PATCH INSTALLATION INSTRUCTIONS:
--------------------------------
IMPORTANT NOTE : Please take a backup of the database using the instructions given in the Admin guide before installing this Hotfix.
Technote link to get more details about this patch release
https://www.veritas.com/support/en_US/doc/viom_technote_7.4.2.300
This Hotfix is applicable for VOM 7.4.2 Managed Hosts as well as VOM 7.4.2 Management Server.
1. Download the file vom-7.4.2.300.sfa
2. Launch a browser and login to the VIOM management server.
3. Navigate to Settings -> Deployment Icon.
4. Upload the Hotfix to the VIOM CMS using the Upload Solutions button.
The Hotfix vom-7.4.2.300 should be visible in the Hot Fixes tree node.
5. Please install this Hotfix on CS using the following instructions:
- Go to Settings -> Deployment -> Hot Fixes -> Veritas Infoscale Operations Manager Managed Host.
- Click on Hot Fixes Tab. Click on Applicable Hosts Tab.
- Right click on CS Name and click on Install.
PATCH UNINSTALLATION INSTRUCTIONS:
----------------------------------
Un-installation and rollback of this Hotfix is supported only on Solaris 11 and AIX platforms.
SPECIAL INSTRUCTIONS:
-----------------------------
Post installation tasks for the patch
After you install Patch 7.4.2.300 on a Veritas InfoScale Operations Manager (VIOM) Management Server and the managed hosts, update the following addons:
• Control Host (VRTSsfmch-7.4.2.300), which is applicable to the Management Server and the managed hosts. Update this addon if you have configured agentless hosts, virtualization servers like vCenter, HMC, and LPAR discoveries or storage arrays discoveries in the VIOM management console.
• Storage Insight addon (VRTSsfmsi-7.4.2.300), which is applicable to the Management Server only. Update this addon if you have configured storage array discoveries in the VIOM management console.
SUMMARY OF FIXED ISSUES:
-----------------------------------------
PATCH ID:vom-HF0742300
4028854 (4028853) Discrepancy between ncore license report and Excel version.
4028872 (4028869) Product Enhancement - VIOM Web API to remove/unconfigure Agent from Management Server.
4028955 (4028954) VCS Service Groups status not showing intermittently for all hosts in a cluster in VIOM GUI.
4028959 (4028958) VIOM email notification does not mention the faulted resource name for VCS resource faulted alert.
4028969 (4028968) Product Enhancement - Support of third party certificate for xprtld process running on port 5634.
4028998 (4028997) Veritas InfoScale Operations Manager on Windows allows an attacker to run arbitrary code with administrator privilege.
4029001 (4028983) Upgrade tomcat to 9.0.41 and java to Amazon Corretto java 8.275.01.1
PATCH ID:vom-HF0742200
4017417 (4017414) Host family discovery fail due to json error in Task.pm
4017420 (4017419) VIOM Web Server does not start at the end of VIOM CMS patch upgrade.
4017423 (4017422) While adding VIOM Agent to VIOM CMS, getting error "Host is already part of the domain".
4017437 (4017435) Not able to generate email alert for VCS cluster down from Availability perspective.
4017442 (4017440) VIOM does report no valid SFHA license for version 5.1 on Windows servers.
4017453 (4017444) Tomcat upgrade to 9.0.37.0
4017461 (4017460) Product Enhancement - New reports for Veritas Volume Replicator.
4017472 (4017463) Product Enhancement: CLI to configure LDAP in VIOM.
PATCH ID:vom-HF0742100
4009452 (4009454) Can not expand VVR volume on Windows InfoScale Node from VIOM GUI.
4009466 (4009463) MH patch install on Solaris 11 hosts does not unset the Veritas publisher.
4009469 (4009472) Some other fixes and security upgrades.
4009471 (4009470) VIOM patch shows Not installed though it is installed.
4009475 (4009474) Windows MH agent showing disconnected in VIOM even after refresh/reboot
SUMMARY OF KNOWN ISSUES:
-----------------------------------------
NONE
KNOWN ISSUES :
--------------
After you install Patch 7.4.2.300, the discovery of fabrics or switches from Brocade and Cisco may fail due to incorrect credentials.
Workaround: Reconfigure the fabrics and switches so that they can be discovered successfully.
After you install Patch 7.4.2.300, the 2FA validate functionality may not work.
Workaround: Reset Pin for first time after applying a patch, then 2FA validate functionality work with new pin.
FIXED INCIDENTS:
----------------
PATCH ID:vom-HF0742300
* INCIDENT NO:4028854 TRACKING ID:4028853
SYMPTOM: Data mismatch in Excel and license report.
DESCRIPTION: Data of column ncore to license mismatch in Excel generated from Deployment details tab of licensing perspective and "Per core license information" report of licensing perspective.
RESOLUTION: "Fixed db schema/view"
* INCIDENT NO:4028872 TRACKING ID:4028869
SYMPTOM: N/A
DESCRIPTION: Details on using VIOM Web API are available in technote https://www.veritas.com/support/en_US/doc/viom_technote_7.4.2.300
RESOLUTION: N/A
* INCIDENT NO:4028955 TRACKING ID:4028954
SYMPTOM: In Availability perspective, status of VCS service group was intermittently showing empty for some hosts or all hosts in a cluster.
DESCRIPTION: VCS Service Groups status in VIOM GUI was intermittently showing empty for some hosts or all hosts in a cluster.
RESOLUTION: Fix added in sfmh discovery -Triggered VCS rescan after 'hasys -add' operation.
* INCIDENT NO:4028959 TRACKING ID:4028958
SYMPTOM: VIOM email notification does not mention the faulted resource name for VCS resource faulted alert.
DESCRIPTION: Email notification for faulted VCS resource do not mention resource name.
RESOLUTION: Added the resource name while generating alert in VCS discovery and in alert definition of 'event.alert.vom.vcs.resource.faulted'.
* INCIDENT NO:4028969 TRACKING ID:4028968
SYMPTOM: N/A
DESCRIPTION: You may import your own certificate for xprtld process running on port 5634 on Linux CMS and Linux, Solaris, AIX MHs.
Details on using third party certificate for xprtld process are available in technote https://www.veritas.com/support/en_US/doc/viom_technote_7.4.2.300
RESOLUTION: N/A
* INCIDENT NO:4028998 TRACKING ID:4028997
SYMPTOM: A low privileged user on the Windows system without any privileges in VIOM can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine resulting in arbitrary code execution as SYSTEM when the service starts.
DESCRIPTION: On start-up, the VIOM Agent loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cnf, where <drive> could be the default Windows installation drive such as C:\ or the current working directory from where the VIOM services / processes are running. By default, on Windows systems, users can create directories under C:\. A low privileged user on the Windows system without any privileges in VIOM can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, to access all installed applications, etc.
This vulnerability affects Veritas InfoScale Operations Manager (VIOM) and Agents.
RESOLUTION: Upgraded openssl version.
* INCIDENT NO:4029001 TRACKING ID:4028983
SYMPTOM: Tomcat and java Security Updates.
DESCRIPTION: Tomcat upgraded to 9.0.41 and java to Amazon Corretto java 8.275.01.1
RESOLUTION: Upgraded tomcat and java to latest version available.
PATCH ID:vom-HF0742200
* INCIDENT NO:4017417 TRACKING ID:4017414
SYMPTOM: json error in Task.pm is seen in log messages.
DESCRIPTION: During Host family discovery on VIOM servers (CMS and Agents), you may see 'json error in Task.pm'.
RESOLUTION: Fixed json error
* INCIDENT NO:4017420 TRACKING ID:4017419
SYMPTOM: VIOM Web Server does not start at the end of VIOM CMS patch upgrade.
DESCRIPTION: If customer's own certificate is being used for VIOM web server and the keystore password is different from the default 'changeit', then you may see that VIOM web server is not getting started at the end of VIOM patch upgrade.
RESOLUTION: Taking backup of server.xml and restoring it after patch upgrade.
* INCIDENT NO:4017423 TRACKING ID:4017422
SYMPTOM: You may see this issue on Linux Virtual Machines where VMs are cloned.
DESCRIPTION: While adding VIOM Agent (Linux VM) to VIOM CMS, getting error "Host is already part of the domain".
RESOLUTION: Created a unique ID for cloned Linux VMs based.
* INCIDENT NO:4017437 TRACKING ID:4017435
SYMPTOM: You are not receiving email alert for VCS cluster down if rule is created under Availability perspective.
DESCRIPTION: You are not receiving email alert for VCS cluster down if rule is created under Availability perspective.
RESOLUTION: Added support for sending email alert from Availability perspective for VCS cluster down.
* INCIDENT NO:4017442 TRACKING ID:4017440
SYMPTOM: VIOM GUI shows no valid license fault for SFHA 5.1
DESCRIPTION: VIOM was not able to detect the SFHA 5.1 license key on Windows.
RESOLUTION: Detected the license key,
* INCIDENT NO:4017453 TRACKING ID:4017444
SYMPTOM: Tomcat vulnerabilities reported.
DESCRIPTION: Tomcat upgrade to 9.0.37.0
RESOLUTION: Upgraded tomcat version.
* INCIDENT NO:4017461 TRACKING ID:4017460
SYMPTOM: N/A
DESCRIPTION: VIOM does now have three new reports related to VVR in Server perspective.
- VVR replication data status
- Data Replication Status-Weekly
- Data Replication Status-Monthly
Details on new VVR reports are available in technote https://www.veritas.com/support/en_US/doc/viom_technote_7.4.2.200
RESOLUTION: N/A
* INCIDENT NO:4017472 TRACKING ID:4017463
SYMPTOM: N/A
DESCRIPTION: New CLI to allow VIOM user to -
- Configure LDAP
- Assign permissions
- Unconfigure LDAP
- Change bind user password for already configured LDAP.
RESOLUTION: N/A
PATCH ID:vom-HF0742100
* INCIDENT NO:4009452 TRACKING ID:4009454
SYMPTOM: "Resize Volume" operation fails for VVR volume, for windows MH.
DESCRIPTION: VIOM GUI operation "Resize Volume" fails on Windows InfoScale Node when try to resize VVR volume.
RESOLUTION: Removed the decimal from VVR volume size and round off.
* INCIDENT NO:4009466 TRACKING ID:4009463
SYMPTOM: After VIOM patch install on Solaris Agents, 'pkg publisher' command shows Veritas publisher.
DESCRIPTION: After VIOM patch install on Solaris Agents, 'pkg publisher' command shows Veritas publisher. This publisher should be removed after patch install.
RESOLUTION: Unsetting publisher once patch is installed.
* INCIDENT NO:4009469 TRACKING ID:4009472
SYMPTOM: N/A
DESCRIPTION: - Java upgrade - Upgrade JAVA version to 1.8.0.252.
- Tomcat upgrade - Upgrade apache tomcat to 9.0.35 as mitigation to CVE-2020-9484 vulnerability.
- SmartIO related fixes
1) Cache state update in GUI.
2) Impact Analysis Chart fix.
3) Can not create multiple cache on same disk
- VCS Service Group related fixes
1) Not able to create link for Service group dependency
2) GUI shows firedrill task in RUNNING.
- xprtld service getting timed out after reboot because of slow network service start.
- vomsc status/start/stop command throwing error message.
- Policy signature scan report is giving exception when signature is registered.
- Storage Migration Solution fixes
1) Multiple volume migration tasks not able to schedule in single operations using migrate by host method.
2) Not able to do Volume Migration using Migrate Volume by Host method
RESOLUTION: Fixed above all mentioned issues.
* INCIDENT NO:4009471 TRACKING ID:4009470
SYMPTOM: In Deployment, the patch shows as Not Installed though it is successfully installed.
DESCRIPTION: Sometimes, you may see that VIOM patch installation is successful but when checking in Deployment, the patch shows as Not Installed and hence unable to apply the patch to other MH hosts.
RESOLUTION: Handled the Json exception.
* INCIDENT NO:4009475 TRACKING ID:4009474
SYMPTOM: Sometimes after Windows MH agent reboot, host can be seen in disconnected state in Settings->Host.
DESCRIPTION: You can see agent in disconnected state if host has Microsoft Failover Cluster Virtual Adapter.
RESOLUTION: Skipping the Microsoft Failover Cluster Virtual Adapter from the host GUID.
INCIDENTS FROM OLD PATCHES:
---------------------------
NONE
