APAR status
Closed as microcode or hardware problem.
Error description
The release of IBM App Connect Enterprise 11.0.0.4 on Windows has not been cryptographically signed. This means that it is not possible to verify whether that the installed product on disk has been tampered with. This may have knock on effects with virus scanning programs reporting warnings or quarantining the executables and libraries included in ACE 11.0.0.4.
Local fix
NA
Problem summary
**************************************************************** USERS AFFECTED: All users of IBM App Connect Enterprise 11.0.0.4 for Microsoft Windows on x86-64 who downloaded this fix pack between 27th March 2019 and 15th May 2019 from Passport Advantage or Fix Central. Platforms affected: Windows on x86-64 platform **************************************************************** PROBLEM DESCRIPTION: The original release of IBM App Connect Enterprise 11.0.0.4 for Microsoft Windows on x86-64 which was released on 27th March 2019 and available until 15th May 2019 did not include cryptographic signatures in the executables and libraries used by the ACE runtime. This means that it is not possible to verify whether that the installed product on disk has been tampered with. This may have knock on effects with virus scanning programs reporting warnings or quarantining the executables and libraries included in ACE 11.0.0.4.
Problem conclusion
A new version of ACE 11.0.0.4 has been published to Fix Central and Passport Advantage which has been cryptographically signed correctly. This new version of 11.0.0.4 includes a fix with Fix ID 11.0.0.4-ACE-WinX64-TFIT29077 which can be seen via mqsiservice -v: C:\Program Files\IBM\ACE\11.0.0.4>mqsiservice -v BIPmsgs en_GB Console OEM CP=437, ICU CCSID=5348 Default codepage=ibm-5348_P100-1997, in ascii=ibm-5348_P100-1997 JAVA console codepage name=cp437 BIP8996I: Version: 11004 BIP8997I: Product: IBM App Connect Enterprise BIP8998I: Code Level: S000-L190325.15705 BIP8999I: Build Type: Production, 64 bit, amd64_nt_4 BIP8974I: Component: DFDL-C, Build ID: 20190218-2331, Version: 1.1.2.0 (1.1.2.0), Platform: windows_x86 64-bit, Type: production BIP8980I: Fix ID: 11.0.0.4-ACE-WinX64-TFIT29077 BIP8071I: Successful command completion. This APAR fix cannot be removed from the 11.0.0.4 installation and exists to ensure that the signed version is installed. In addition, the following Microsoft PowerShell snippet can be run to display a list of all the signed server binaries which can be compared with the list below as a secondary validation: Get-ChildItem 'C:\Program Files\IBM\ACE\11.0.0.4\server' -Recurse -Include *.dll, *.exe, *.lil, *.lsl | ForEach-Object {$signature = Get-AuthenticodeSignature $_; if ($signature.Status -eq 'Valid') {$hash = Get-FileHash -Path $_ -Algorithm SHA256; $hash.Path = Resolve-Path -Path $hash.Path -Relative; $hash}} The path 'C:\Program Files\IBM\ACE\11.0.0.4' should be modified to reflect the location of the 11.0.0.4 installation. The output of the above command should match the output detailed in http://www.ibm.com/support/docview.wss?uid=ibm10884572
Temporary fix
Comments
Confirm closure code MCH
APAR Information
APAR number
IT29077
Reported component name
APP CONNECT ENT
Reported component ID
5724J0550
Reported release
B00
Status
CLOSED MCH
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-05-09
Closed date
2019-05-16
Last modified date
2019-05-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSDR5J","label":"IBM App Connect Enterprise"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"B00","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
16 May 2019