Author Topic: CMOD 10.5 Release Notes  (Read 8420 times)

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1209
    • View Profile
IBM Content Manager OnDemand for z/OS V10.5 Readme
« Reply #15 on: September 07, 2022, 10:18:56 AM »
For everyone upgrading to 10.5 on z/OS - make sure you're referring to the z/OS 10.5 Upgrade Readme file located here:

https://www.ibm.com/support/pages/ibm-content-manager-ondemand-zos-v105-readme

This is separate from the multiplat server and client readmes which are published one-for-every-fixpack available here:

https://www.ibm.com/support/pages/ibm-content-manager-ondemand-multiplatforms-version-105-readme-files

Ed
« Last Edit: September 07, 2022, 01:08:02 PM by Ed_Arnold »
#zOS #ODF

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1209
    • View Profile
arsmaint fails with ARS1106E starting with fixpack 10.5.0.6
« Reply #16 on: August 17, 2023, 11:03:23 AM »
The arsmaint program has always been designed to be initiated on the server. 

Prior to fixpack 10.5.0.6 this restriction was not enforced. 

Starting with 10.5.0.6 this restriction is being enforced. 

This can result in arsmaint failing in two different cases.

1.)    If arsmaint is not being initiated on the server, the solution is to run arsmaint on the server,

2.)    If arsmaint is  being initiated on the server, the server may not be resolving localhost correctly. Check to ensure the domain name localhost is resolved correctly.

Ref:   https://www.ibm.com/support/pages/node/7027952
« Last Edit: August 18, 2023, 10:32:15 AM by Ed_Arnold »
#zOS #ODF

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1209
    • View Profile
Keyhole Issue With 10.5.0.7 PTF
« Reply #17 on: September 14, 2023, 12:57:27 PM »
Had a couple reports of the 10.5.0.7 PTF not APPLYing.

Solution is to APPLY everything up to and including 10.5.0.6 first.

In other words, 10.5.0.6 is the keyhole that service application has to pass through before APPLYing 10.5.0.7.

Ed
#zOS #ODF

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1209
    • View Profile
ARSSOCKD on z/OS, SSO with ICN
« Reply #18 on: September 15, 2023, 02:51:20 PM »
IF you're configuring ICN for Single Sign-On on z/OS

THEN you need to be at 10.5.0.6.

HOWEVER - I am told that if you're not running arsusec as shipped, right out of the can, then there are no guarantees as to whether SSO will work.

Ed
#zOS #ODF

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1209
    • View Profile
Don't specify an index two different ways
« Reply #19 on: January 02, 2024, 10:51:41 AM »
Specifying an index parameter two different ways is unsupported.

Specifically, in this instance, the problem was specifying job_name index created from two different sources: (INDEX1= and -b/-B).

After upgrading from 10.1 to 10.5 the symptom was reports that failed to load, despite having loaded successfully at 10.1.

In these cases, the 88-type record simply indicates an error of RC = 6.   

The desire was for -b/-B to win, overriding what ACIF (or any of the indexers) might have found in the report.   

However, that is  not supported. 

Remove one of the specifications.

#zOS #ODF

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1209
    • View Profile
Re: CMOD 10.5 Release Notes
« Reply #20 on: February 08, 2024, 02:01:48 PM »
At 10.5.0.7 the default TLS (SSL) level for both clients and the server flips from TLS V1.2 to TLS V1.3.

If implementing TLS for the first time, things might be easier if all of CMOD, clients and servers, are at 10.5.0.7 first.
#zOS #ODF

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1209
    • View Profile
Re: CMOD 10.5 Release Notes
« Reply #21 on: April 30, 2024, 11:52:55 AM »
10.5.0.7 - the default IMDS switches from V1 to V2

The Instance Metadata Service Version 2 (IMDSv2) adds protections; specifically, IMDSv2 uses session-oriented authentication with the following enhancements: IMDSv2 requires the creation of a secret token in a simple HTTP PUT request to start the session, which must be used to retrieve information in IMDSv2 calls
#zOS #ODF

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1209
    • View Profile
Re: CMOD 10.5 Release Notes
« Reply #22 on: April 30, 2024, 11:57:54 AM »
At 10.5.0.7 the default TLS (SSL) level for both clients and the server flips from TLS V1.2 to TLS V1.3.

If implementing TLS for the first time, things might be easier if all of CMOD, clients and servers, are at 10.5.0.7 first.

10.5.0.8 Release Note --- recommended for TLS V1.3

Changed in 10.5.0.8 is that if GSK_V3_CIPHER_SPECS_EXPANDED is not specified and you want TLS 1.3, development has added TLS 1.3 ciphers to the default ciphers.

If prior to 10.5.0.8, specify  GSK_V3_CIPHER_SPECS_EXPANDED=130313011302C02CC02BC030C02FC024C023 to ensure the TLS 1.3 cipher pairs (1301, 1302, 1303) are available.

Ed
#zOS #ODF

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1209
    • View Profile
10.5.0.8 won't APPLY, wait for a fix before attempting
« Reply #23 on: May 07, 2024, 11:22:04 AM »
Error is max return code allowed on linkedit is 0, but getting a return code of 4.

The fix is being developed, I'll publicize when available.

Ed
#zOS #ODF

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1209
    • View Profile
Re: CMOD 10.5 Release Notes
« Reply #24 on: May 10, 2024, 08:23:45 AM »
CMOD comes up with a default mode of FIPS = ON.

TLS V1.3 won't work when FIPS is ON.

If you're trying to implement TLS V1.3, add the following to your arssockd.cfg:
  • ARSSOCK_FIPS=0
Ed
#zOS #ODF

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1209
    • View Profile
ODF IVP now available with 10.5.0.8
« Reply #25 on: May 13, 2024, 09:36:01 AM »
Run arsxml with the following files one at a time

/usr/lpp/ars/V10R5M0/bin/xml/samples/applgroupAdd.xml
/usr/lpp/ars/V10R5M0/bin/xml/samples/applicationAdd.xml
/usr/lpp/ars/V10R5M0/bin/xml/samples/recipientAdd.xml
/usr/lpp/ars/V10R5M0/bin/xml/samples/recipListAdd.xml
/usr/lpp/ars/V10R5M0/bin/xml/samples/rptIdAdd.xml
/usr/lpp/ars/V10R5M0/bin/xml/samples/distribAdd.xml
/usr/lpp/ars/V10R5M0/bin/xml/samples/rptBundleAdd.xml

Run arsload with

-g "Daily sales invoices" and input file /usr/lpp/ars/V10R5M0/samples/salesinvoice 

If the ODF started task is up that will kick off a distributioin.
_________________________

Here's a sample batch job that I use to run those arsxml commands one at a time:

//STEP1    EXEC PGM=BPXBATCH,REGION=0M                         
//*                                                             
//STEPLIB  DD DISP=SHR,DSN=ARS.ARSV1050.SARSLOAD               
//         DD DISP=SHR,DSN=DB2.V13R1M0.SDSNEXIT                 
//         DD DISP=SHR,DSN=DB2.V13R1M0.SDSNLOAD                 
//SYSPRINT DD SYSOUT=*                                         
//SYSOUT   DD SYSOUT=*                                         
//STDERR   DD SYSOUT=*                                         
//STDOUT   DD SYSOUT=*                                         
//STDPARM DD *                                                 
PGM /usr/lpp/ars/V10R5M0/bin/arsxml                             
add                                                             
-h ARCH1010 -u ed -p haha -v                             


« Last Edit: May 14, 2024, 07:01:57 AM by Ed_Arnold »
#zOS #ODF

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1209
    • View Profile
Re: 10.5.0.8 won't APPLY, fix now available
« Reply #26 on: May 16, 2024, 11:17:56 AM »
Error is max return code allowed on linkedit is 0, but getting a return code of 4.

The fix is being developed, I'll publicize when available.

Ed

Fix is available:

https://www.ibm.com/support/pages/apar/PH61112


****************************************************************
* PROBLEM DESCRIPTION: 1.ARS0466E SSL CONNECT ERROR. A         *
*                      gsktrace shows EDC8105I SOCKET          *
*                      OPERATION ON NON-SOCKET                 *
*                      2.Message IEW2454W 9203 SYMBOL          *
*                      IEAN4RT UNRESOLVED.  NO AUTOCALL (NCAL) *
*                      SPECIFIED when applying a PTF           *
****************************************************************
1.A zero was passed to z/OS System SSL instead of a socket.
System SSL tried to use zero for socket operations leading to
connection failure.
2.A defect in a PTF building tool caused some PTFs to not
have updated JCLIN leading to SMP/E not allocating a SYSDEFSD DD
when needed, causing the IEW2454W message
Problem conclusion

1.The correct socket is passed to z/OS system SSL.
2.The PTF tool is corrected.  JCLIN for affected LMODs is
being reshipped.
#zOS #ODF