IBM Support

Tivoli Netcool/OMNIbus 8.1.0 Fix Pack 24, 8.1.0-TIV-NCOMNIbus-FP0024

Download


Abstract

This fix pack is a cumulative fix release and addresses some new APARs and internally found issues since the release of Tivoli Netcool/OMNIbus 8.1.0 Fix Pack 23.

Download Description

Java 8 Important Information

This upgrade uninstalls the existing IBM Java 7 and installs the latest version of the IBM Java 8 JRE. If any of the Java 7 files were modified since the v8.1 installation, then these modified files are removed during the upgrade process, with the exception of the java.security file. Before you perform the upgrade, backup these modified files to a private location, then after the upgrade reapply the modifications. The Java 8 java.security file has big differences to the Java 7 java.security file, so any modifications will need to be applied after reviewing the default file.

IBM Java 8 will NOT run on some older versions of operating systems, which include the following operating systems:
- AIX 6.1 before Tech Level 9
- Older versions of Linux (due to a GLIBC 2.7 requirement)
- Solaris SPARC 32 bit (IBM Java on Solaris SPARC is 64 bit only)

The following defect solutions are included in this release:

8.1.0-TIV-NCOMNIbus-FP0024

--------------------------

IJ20672
        As a result of some penetration testing, some changes have been
        made to the HTTP interfaces (ObjectServer REST/OSLC and Probe
        bi-directional). Headers sent in responses to HTTP requests have
        been modified (see the changes to
        $OMNIHOME/etc/default/libnhttpd.json and these changes will need
        to be manually merged in to the $OMNIHOME/etc/libnhttpd.json
        file). The X-XSS-Protection header is now set, as is the
        X-Content-Type-Options header (with a value of "nosniff"). For
        CORS responses (within the ObjectServer REST/OSLC interface) the
        value of the Access-Control-Allow-Credentials header is no longer
        hard coded and can now be modified in the libnhttpd.json file.
        Client initiated SSL renegotiation is now disabled to avoid a
        potential denial of service.

IJ21707
        The log messages relating the journal processing within
        ObjectServer gateways have been cleaned up. The gateway now also
        logs the correct error code as part of the following error
        message instead of "0:No error":-
          Error: E-GTK-102-154: [ngtk]: ObjectServerA: Writer table data post-processing batch handler function has failed to complete successfully. (0:No error)

IJ23924
        Add the ability for event list clients to specify a list of
        common names that are acceptable when validating an SSL
        connection to the ObjectServer.
        On Unix platforms, set the NCO_SSL_COMMONNAME environment
        variable to a comma-separated list of acceptable common names,
        prior to running nco_event.
        On Windows platforms, create a new string value named
        NCO_SSL_COMMONNAME under the registry key
        HKEY_CURRENT_USER\Software\Micromuse\OMNIbus\CurrentVersion\Desktop
        Settings\NCOEvent, and set the value to a comma-separated list of
        acceptable common names, prior to running the Event List GUI.

IJ24313
        Several problems related to the internal caches in the
        ObjectServer gateways (uni- and bi- directional) have been
        resolved. These could cause the wrong journal entries to be
        deleted from the destination ObjectServer, the correct journal
        entries not be deleted from the destination ObjectServer, or even
        the abnormal exit of the gateway.

IJ24505
        If the environment variable NDE_DATETOTIME_DEBUG is set when the
        process is run then libnetcool will output more debug information
        concerning datetotime conversions. This is to enable capturing
        information required to debug possible problems with datetotime
        conversions involving different timezones and daylight savings
        time.
IJ25040
        nco_aes_crypt now warns if the contents of a file being encrypted
        contains only one line and has a trailing carriage return
        character. If the entry being encrypted is a password then the
        trailing carriage return will be included in the resulting text
        when decrypted by the OMNIbus component, which could affect it
        being accepted correctly when used. When nco_aes_crypt encrypts
        an entry specified on the command line, or read in from stdin, it
        removes the trailing carriage return but not when reading in from
        a file (as the carriage return may be significant).

IJ26082
        nco_objserv, nco_bridgeserv, nco_proxyserv, nco_g_objserv_uni and
        nco_g_objserv_bi now report their version and locale information
        at the top of their log files (the log header). These binaries,
        and also probes, now report the value of the TZ environment
        variable in their log headers. This was requested in RFE 8731.
        Some new debug messages have been added to libnstore to aid
        future debugging. The value of the TZ environment variable is
        logged at the top of every logfile to aid future debugging.
        Probes now log a message at Info level per event, this was
        requested in RFE 8636.
        Profiler timing submitted messages are now logged a DEBUG level
        (this was requested in RFE 8747):-
          2020-07-08T12:25:45: Information: I-OBX-104-016: Profiler timing submitted from connection ID 1: 0.001488s
        becomes:-
          2020-07-08T12:25:45: Debug: D-OBX-105-043: Profiler timing submitted from connection ID 1: 0.001488s
        Message "E-OBX-102-068: Failed to send wait message to client
        blocked meta/data wait." now includes the client ID in the error
        message.
        ProcessAgent message "Cannot open '<filename>', assuming no ipv6
        interfaces" is now logged at INFO level, not ERROR. This was
        requested in RFE 8715.
        When a connection is dropped using the 'alter system drop
        connection' SQL a message is now logged giving details of the
        connection that initiated this which will also identify if it was
        issued by a temporal trigger.
IJ26102
        ObjectServer passwords stored locally by the server using the AES
        password one-way hashing scheme has been improved so that all
        characters in the password are significant, up to a maximum of
        64. Prior to this change, only the first 16 characters were
        significant in a password using the AES scheme.
        The change is backward compatible, in that any existing passwords
        stored in the older scheme will still be valid for use, but
        limited to 16 characters. As soon as a user changes their
        password this will be encoded in the new scheme.
        For a connection to the ObjectServer via the JDBC jConnect
        driver, the password is restricted to a maximum of 30 characters.
        This means that for a login via jConnect, for an account that has
        an ObjectServer password greater than 30 characters, the password
        cannot be successfully exchanged between the client and server
        and the login will fail. Client applications affected by this
        would be java based clients that connect via the JDBC jConnect
        driver. This would be applications such as nco_aen, nco_config
        (Netcool/OMNIbus Administrator), nco_confpack, nco_osreport,
        nco_g_servicenow (Gateway for ServiceNow), nco_g_remedy (Gateway
        for Remedy) and Web GUI.

IJ26105
        A limited set of JSON processing ObjectServer SQL functions have
        been added to the ObjectServer. These functions allow a large
        varchar column to be treated as a JSON formatted document as a
        string, rather than name/value pairs. The new SQL functions allow
        properties in the JSON document to get set and fetched. There is
        also a specialized function for more efficiently performing
        updates in the JSON document as part of a deduplication
        operation.
        1) json_prop_get(json, propname) - Get the value of the named
        property from the JSON string.
        2) json_prop_set(json, propname, propvalue) - Set the named
        property to the given value in the JSON string.
        3) json_prop_dedup(src_json, dst_json, propnames) - Take the set
        of named properties in the colon separated list of propnames,
        extract them from the source JSON string and apply them to the
        destination JSON string.

IJ27283
        To address possible security issues, the JRE for Tivoli
        Netcool/OMNIbus V8.1.0 is updated to IBM JRE 8.0 SR6 FP15.

IJ27407
        All remaining traces of libcurl's use have been removed from the
        product. These operations are now performed by the libnhttpd
        library.
IJ27618
        nco_adduser and nco_removeuser may report warnings about null
        bytes in input on RHEL 8.2. These scripts have been updated to
        avoid these warnings.

Installation Instructions

OMNIbus core 8.1 must be installed prior to installing this Fixpack.
Fixpacks are cumulative, the latest Fixpack can be applied to update
OMNIbus core to the latest Fixpack version.

IMPORTANT: Before installing this fix, ensure that all Tivoli Network
Management applications on your computer are shut down.

Installation Manager
--------------------
The latest version of Installation Manager is recommended and can be
downloaded from http://www.ibm.com/support/docview.wss?uid=swg27025142

Check the required version of IBM Installation Manager in the IBM Software
Product Compatibility Reports at:
http://publib.boulder.ibm.com/infocenter/prodguid/v1r0/clarity/index.html

Check the Installation Manager and OMNIbus version installed by running the
command:
imcl listInstalledPackages -features -long
which can be found in the following locations:
Windows: install_dir\IBM\Installation Manager\eclipse\tools
Linux and UNIX: install_dir/IBM/InstallationManager/eclipse/tools

Installation manager can be started in console mode by running the command:
imcl -c
which can be found in the following locations:
Windows: install_dir\IBM\Installation Manager\eclipse\tools
Linux and UNIX: install_dir/IBM/InstallationManager/eclipse/tools

Installation manager can be started in GUI mode by running the application:
IBMIM
which can be found in the following locations:
Windows: install_dir\IBM\Installation Manager\eclipse
Linux and UNIX: install_dir/IBM/InstallationManager/eclipse

At any stage if you encounter difficulties using Installation Manager
you can consult the built in help or the latest Installation Manager
documentation by searching IBM Knowledge Center at
https://www.ibm.com/support/knowledgecenter/SSDV2W/im_family_welcome.html.

Using IBM Passport Advantage(r)
-------------------------------
If your computer has internet access and you have an IBM Passport
Advantage account, you can update packages directly from Passport
Advantage.
1. Start Installation Manager.
2. Under the Preferences option, select Repositories and make
sure the "Search service repositories during installation
and updates" is checked.
3. Select the update option and select the "IBM Tivoli Netcool
OMNIbus" entry from the list of packages to find updates for.

Local Repository
----------------
Extract the Fixpack into a new temporary directory, then specify the
repository in the preferences before you update. Each package must
be extracted into a new directory.
1. Start Installation Manager.
2. Under the Preferences option, select Repositories and add a
new repository. Give the location of the extracted
OMNIbusRepository/composite directory
3. Select the update option and select the "IBM Tivoli Netcool
OMNIbus" entry from the list of packages to find updates for.

Electronic Software Delivery(ESD) Zip File
----------------------------------------------
If you have downloaded the ESD for Fix Pack 24 then:
1. Create a directory to store the files and extract the contents
on the zip file into this.
2. If you have installed Installation Manager using either
Administrator or Nonadministrator mode, run the update_gui
script to launch Installation Manager into the update panel
without the requirement of configuring the update repository.
3. If the script fails, or Installation Manager is installed in
Group mode, or you want to run in console mode, then you must
configure the update repository as in the Local Repository
above, with the new repository being the extracted
OMNIbusRepository/composite directory.
4. Select the "IBM Tivoli Netcool OMNIbus" entry from the list of
packages to find updates for.

On
[{"DNLabel":"8.1.0-TIV-NCOMNIbus-FP0024","DNDate":"06 Nov 2020","DNLang":"English","DNSize":"99999999 B","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+Netcool+OMNIbus&release=8.1.0.24&platform=All&function=all","DNURL_FTP":"","DDURL":null}]
[{"Product":{"code":"SSSHTQ","label":"Tivoli Netcool\/OMNIbus"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.1.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Product Synonym

Tivoli Netcool OMNIbus

Problems (APARS) fixed
IJ01907;IJ08574;IJ08930;IJ09087;IJ09115;IJ10282;IJ10825;IJ00723;IJ01428;IJ01536;IJ02556;IJ02853;IJ03072;IJ03480;IJ04088;IV79173;IV81481;IV82062;IV89921;IV89106;IV89509;IV90524;IV91125;IV91244;IV55784;IV56455;IV56609;IV59634;IV59959;IV60193;IV61491;IV61642;IV62192;IV62891;IV63168;IV63169;IV63203;IV63212;IV63220;IV63222;IV63225;IV63228;IV63229;IV63230;IV63230;IV63234;IV63236;IV63237;IV63248;IV63249;IV63757;IV63758;IV63759;IV51280;IV62328;IV64024;IV64030;IV64823;IV64841;IV65579;IV68196;IV68690;IV68940;IV69161;IV69293;IV69933;IV69934;IV69143;IV70540;IV71122;IV61840;IV67946;IV68107;IV68942;IV72682;IV73109;IV73123;IV73221;IV73279;IV73670;IV73963;IV74587;IV74679;IV74891;IV75451;IV75452;IV75473;IV75482;IV75484;IV75494;IV75501;IV75502;IV75555;IV75641;IV75687;IV75900;IV76107;IV69160;IV75714;IV77594;IV77881;IV78263;IV78277;IV78667;IV78761;IV79182;IV78816;IV79413;IV79952;IV78818;IV80092;IV80567;IV80895;IV81216;IV81225;IJ07070;IJ09400;IJ10801;IJ12082;IJ12536;IJ12787;IJ12794;IJ14266;IV90842;IJ11450;IJ15564;IJ15637;IJ15879;IJ16121;IJ16125;IV81126;IV85048;IJ04758;IJ15661;IJ15663;IJ15664;IJ16754;IJ17189;IJ17976;IJ18187;IJ18190;IJ18695;IJ18783;IJ00867;IJ02708;IJ11039;IJ16915;IJ20277;IJ20329;IJ20347;IJ20878;IJ21017;IJ21113;IJ21246;IJ21251;IV97889;IJ22316;IJ22802;IJ22958;IJ22959;IJ23815;IJ23844;IJ24357;IJ24381;IJ24423;IJ24448;IJ24487;IJ24701;IJ25653;IJ20672;IJ21707;IJ23924;IJ24313;IJ24505;IJ25040;IJ26082;IJ26102;IJ26105;IJ27283;IJ27407;IJ27618

Document Information

Modified date:
06 November 2020

UID

ibm16322641

Page Feedback