trustchk: Verification of attribute failed:

While running bosboot -a, Sometimes we may encounter trustchk: Verification of attribute failed: /etc/rc.teboot failed. This is due to trustbase has been enabled on the Server and So if the trustchk is failed, we need to verify or scan the file with trustchk command.

To Scan the file and automatically fix it, Need to execute below command.

# trustchk -y /etc/rc.teboot




No comments:
Labels: ,

ERR_SSL_VERSION_OR_CIPHER_MISMATCH for HMC


Issue :
Google Chrome refuses to open HMC ( Hardware Management for IBM AIX Console ) login page over https connection.

The following error is displayed:



This webpage is not available
A secure connection cannot be established because this site uses an unsupported protocol.
Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH


 Resolution:
Open chrome://flags
Look for "Minimum SSL/TLS version supported."
Choose SSLv3
Click on "Relaunch now" button
Open your https page again
You will be redirected to a "Your connection is not private" page. If you do not worry about this security issue click on the "Advanced" link.
Finally click on "Proceed to <your https page> (unsafe)".
No comments:
Labels:

Inittab entry for PowerHA / HACMP



Inittab entry to bring up cluster
No comments:

To check HACMP / POWERHA Version


How do you check what version of code you are running ?

# lslpp –l cluster.es.server.rte
Fileset Level State Description
----------------------------------------------
Path: /usr/lib/objrepos
cluster.es.server.rte 7.1.1.1 COMMITTED Base Server Runtime
Path: /etc/objrepos
cluster.es.server.rte 7.1.1.1 COMMITTED Base Server Runtime


Now you can also run:
# halevel –s
7.1.1 SP1


Also useful:
# lssrc –ls clstrmgrES | grep fix
cluster fix level is "3
No comments:
Labels:

Media Speed Not Showing for 10 Gigabit-SR Ethernet PCI-X Adapter (1410ba02) and 10 Gigabit Ethernet-SR PCI-X 2.0 DDR Adapter (1410eb02)


The driver installed on AIX for 10 Gigabit-SR Ethernet PCI-X Adapter (1410ba02) and 10 Gigabit Ethernet-SR PCI-X 2.0 DDR Adapter (1410eb02) does not provide the opportunity to vary the media speed so it and its data structures don't maintain any information regarding this parameter thus there is no information gathered by netstat. For this reason no media speed display has been coded into the device specific netstat/entstat

10GB Ethernet are Fiber and only run at 10GBit. .  There is no facility to change duplexity or speed and there is no autonegotiation as well

Ref:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.kernextc/gigabit_ethernet_sr-pci-x-ddr-adapter.htm 
1 comment:
Labels:

C:D UNIX stats XIPT016I + XSMG621I + XSMG631I + XSMG600I

Symptom

The combination of error messages below is the result of a non-C:D application trying to connect to the C:D UNIX port.  This could be a health check from a system monitor facility, a hardware load balancer, or something like an FTP Client being mistakenly used to connect to C:D UNIX.
e.g.  A FTP client trying to connect to C:D port 1364.
The TCP  session will be established ( SYN, SYN+ACK, ACK ) but then the session will hang. This is because the FTP Client is waiting as it expects the next packet to be sent by the FTP Server.  The Server side is actually C:D UNIX which is waiting as it is expecting a FMH68 from the Client side. The session ends when the FTP Client times out. The message "XIPT016I -TCP lost the connection. System error is Broken pipe." is issued when the timeout occurs.  

A similar sequence of messages are issued for outbound C:D Secure+ sessions when the remote system has no C:D sessions available. The difference is that there will be TCQ status change messages in the C:D UNIX stats before the XIPT016I and after the XSMG600I.  See article NFX9956 for further details.



Error Message
C:D UNIX stats when non-C:D application attempts to connect to to C:D UNIX port.
E XIPT 01/06/2011 16:31:44 ndm_error_set(): rc=16 fdbk=0 msgid=XIPT016I stext=TCP lost the connection. System error is Broken pipe.
E XSMG 01/06/2011 16:31:44 ndm_error_set(): rc=8 fdbk=0 msgid=XSMG621I stext=A receive from the remote node operation failed.
E XSMG 01/06/2011 16:31:44 ndm_error_set(): rc=16 fdbk=16 msgid=XSMG631I stext=SMGR failed to receive an FMH. Diag=XIPT016I.
E XSMG 01/06/2011 16:31:44 ndm_error_set(): rc=16 fdbk=16 msgid=XSMG600I stext=SMGR (snode) didn't receive FMH68 during session start.
E CXIT 01/06/2011 16:31:44 Snode SMGR exited. Pid=1200220. Exitcode=0.

Messages when outbound session using Secure+ is rejected by remote C:D because no sessions are available (e.g. remote C:D zOS rejects session because either MAXSESSIONS, MAXSECONDARY, or SESS.SNODE.MAX exceeded.)
E QCEX 12/15/2010 13:11:54 TCQ queue change from WAIT to EXEC, status PE.
E XIPT 12/15/2010 13:11:54 ndm_error_set(): rc=16 fdbk=0 msgid=XIPT016I stext=TCP lost the connection. System error is Broken pipe.
E XSMG 12/15/2010 13:11:54 ndm_error_set(): rc=8 fdbk=0 msgid=XSMG621I stext=A receive from the remote node operation failed.
E XSMG 12/15/2010 13:11:54 ndm_error_set(): rc=16 fdbk=16 msgid=XSMG631I stext=SMGR failed to receive an FMH. Diag=XIPT016I.
E XSMG 12/15/2010 13:11:55 ndm_error_set(): rc=16 fdbk=16 msgid=XSMG600I stext=SMGR (snode) didn't receive FMH68 during session start.
E QCHO 12/15/2010 13:11:55 TCQ queue change from EXEC to HOLD, status HE.
E CXIT 12/15/2010 13:11:55 Pnode SMGR exited. Pid=446576. Exitcode=0.

Resolving the problem

Ask your network team to identify the remote non-C:D application that is connecting to the C:D port. Stop the remote application from connecting to the C:D UNIX port.. 


Note:  tcpdump command could be used to identify the remote IP address when the problem is occuring  (Not suitable if the problem is intermitant)
tcpdump –n –l –s 100 port 1364                                                                Dump all inbound & outbound sessions using port 1364. This will output to the screen
tcpdump –n –l –s 100 port 1364 -w output.file.txt                                        This will output to a file.
tcpdump –n –l –s 100 port 1364 -r output.file.txt > output.file.formated.txt     This will format the the contents of the tcpdump output file and write it into a new file.

Example tcpdump output:
13:32:10.172133 IP 90.80.70.60.1704 > 10.20.30.40.1364: S 469734307:46973430>           
13:32:10.172190 IP 10.20.30.40.1364 > 90.80.70.60.1704: S 577235407:57723540>
13:32:10.402660 IP 90.80.70.60.1704 > 10.20.30.40.1364: . ack 1 win 1260    
13:32:31.171828 IP 90.80.70.60.1704 > 10.20.30.40.1364: F 1:1(0) ack 1 win 65   <<<  XIPT016I will be issued in C:D stats at this point. Remote aplication has timed out and issued a FIN.</strong></span>   
190.80.70.60.1704: . ack 2 win 65535   
13:32:31.172492 IP 10.20.30.40.1364 > 90.80.70.60.1704: F 1:1(0) ack 2 win 65
13:32:31.403852 IP 90.80.70.60.1704 > 10.20.30.40.1364: . ack 2 win 65535   
( S = SYN , F= FIN )    
No comments:
Labels:
Subscribe to: Posts (Atom)