ECO NUMBER: DCEECO_015_2-V0100 PRODUCT: OpenVMS DCE OPERATING SYSTEM V0.0 UPDATE PRODUCT: OpenVMS DCE OPERATING SYSTEM V0.0 COVER LETTER 1 KIT NAME: DCEECO_015_2. 2 KITS SUPERSEDED BY THIS KIT: DEC-AXPVMS-DCEECO_015_1. 3 KIT DEPENDENCIES: 3.1 The following remedial kit(s) must be installed BEFORE installation of this, or any required kit: DEC-AXPVMS-VMS62TO71_PCSI-V0200--4.PCSI. 3.2 In order to receive all the corrections listed in this kit, the following remedial kits should also be installed: None. 4 KIT DESCRIPTION: 4.1 Version(s) of OpenVMS to which this kit may be applied: OpenVMS Alpha 6.2, V7.1, V7.1-2, V7.2, V7.2-1, V7.2-1H1. 4.2 Files patched or replaced: o [SYSEXE]DCE$CDSADV.EXE (new image) o [SYSEXE]DCE$CDSCLERK.EXE (new image) o [SYSEXE]DCE$CDSD.EXE (new image) o [SYSEXE]DCE$DTSD.EXE (new image) o [SYSEXE]DCE$GDAD.EXE (new image) o [SYSEXE]DCE$IDL.EXE (new image) o [SYSEXE]DCE$RGY_EDIT.EXE (new image) o [SYSEXE]DCE$RPCD.EXE (new image) o [SYSEXE]DCE$SECD.EXE (new image) -- COVER LETTER -- Page 2 8 March 2001 o [SYSEXE]DCE$SEC_CLIENTD.EXE (new image) o [SYSEXE]DCE$SEC_CREATE_DB.EXE (new image) o [SYSEXE]DCE$SX.EXE (new image) o [SYSHLP.EXAMPLES.DCE.DTSS]DCE$DTS_PROVIDER_HOPF.EXE (new image) o [SYSLIB]DCE$LIB_SHR.EXE (new image) o [SYSLIB]DCE$SOCKSHR_DNET_IV.EXE (new image) o [SYSLIB]DCE$SOCKSHR_DNET_OSI.EXE (new image) o [SYSLIB]DTSS$SHR.EXE (new image) o [DCE$LIBRARY]RPCTYPES.H (new file) o [DCE$LIBRARY]RPCTYPES.IDL (new file) o [SYSHLP.EXAMPLES.DCE.DTSS]DCE$DTS_PROVIDER.C (new file) o [SYSHLP.EXAMPLES.DCE.SX]DCESX.C (new file) o [SYSMGR]DCE$RPC_STARTUP.COM (new file) o [SYSMGR]DCE$SETUP.COM (new file) o [SYSMGR]DCE$SETUP_MULTINET.COM (new file) o [SYSLIB]IDL.CLD (new command definition) o [SYSLIB]RPCLM.CLD (new command definition) o [SYSLIB]UUID.CLD (new command definition) 5 PROBLEMS ADDRESSED IN DCEECO_015_2 KIT o DCE server processes such as DCE$SECD and DCE$CDSD, as well as user written DCE servers sporadically abort with SS$_ACCVIO when hit with a fast burst of client request activity. Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o The DCE$RPCD daemon generated thousands of error messages and logged them into the DCE$RPCD.OUT file as: (rpc) *** FATAL ERROR (receive_dispatch) Unexpected exception -- COVER LETTER -- Page 3 8 March 2001 raised at CNRCVR.C;2\587 *** (rpc) *** FATAL ERROR (rpc__cn_network_receiver) Unexpected exception is raised at CNRCVR.C;2\398 *** Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o A process using DCE RPC services aborts with a bugcheck similar to the one below: DECthreads bugcheck (version V3.15-262), terminating execution. % Reason: mutex 0x00000000005DD868 :0 ref. overflow on lock Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o After the installation of DCE V1.5 the IDENT, IDL, and RPCLM commands are missing from the system command tables. Images Affected: - [syslib]DCLTABLES.EXE o After the installation of DCE V1.5 ECO 1 on systems without the DCE-SECURITY license loaded, dce_setup fails with the following error: **************************** ERROR **************************** *** Images required for running the DCE V1.5 ECO 1 for OpenVMS Alpha *** product were not found on this system. These images should have *** have been placed on the system during the installation of this *** product. *** *** Please install the DCE V1.5 ECO 1 for OpenVMS Alpha product *** to ensure that the required images are properly *** installed on the system. Images Affected: - none o The DCE$DTSD process aborts with the error CMA-F-EXCOPLOS and a message of thread has been canceled. Images Affected: -- COVER LETTER -- Page 4 8 March 2001 - [SYSMGR]DCE$SETUP.COM o A new logical has been defined to allow customers to have the DCE daemon files produce process dumps. The logical name DCE$DUMP_DAEMONS can be defined prior to dce startup to add the /DUMP qualifier to the daemon process. Process dumps can only be reliably produced and read on Alpha V7.2-1 systems. You must install special debugger kit ADB073 on your V7.2-1 for the DCE dumps to be usable. Please contact your Compaq support representative to a copy of the ADB073 kit. Images Affected: - [SYSMGR]DCE$RPC_STARTUP.COM - [SYSMGR]DCE$SETUP.COM 6 PROBLEMS ADDRESSED IN DCEECO_015_1 KIT o RPC authentication calls from NT DCE 2.2 clients fail with Principal Unknown errors although the principal is listed in the registry. The failures occur for principals and accounts created from OpenVMS DCE. Images Affected: - [SYSEXE]DCE$RGY_EDIT.EXE o Upon reboot of the system, startup hangs when one of the DCE CDS daemon processes fails to start. Examination of the .OUT file shows the start fails with a messages stating the daemon is already running. Images Affected: - [SYSEXE]DCE$CDSADV.EXE - [SYSEXE]DCE$CDSD.EXE - [SYSEXE]DCE$GDAD.EXE o Directory of sys$manager or sys$scratch lists many DCE_OUT*.tmp files. Images Affected: - [SYSMGR]DCE$SETUP.COM -- COVER LETTER -- Page 5 8 March 2001 - [SYSMGR]DCE$RPC_STARTUP.COM o When starting DCE on a system running Multinet the following DCL message is displayed. %DCL-W-UNDFIL, file has not been opened by DCL - check logical name Images Affected: - [SYSMGR]DCE$SETUP.COM o Eliminate zero block files left in the credentials cache directory. When a dce_login is performed, six files are created in the credentials cache directory, DCE$SPECIFIC:[VAR.SECURITY.CREDS]. An example is the following files: 16 029D9101.;2 1-OCT-1998 15:28:18.37 17 029D9101.;1 1-OCT-1998 15:28:17.76 18 029D9102.;1 1-OCT-1998 15:28:19.27 19 029D9200.;1 1-OCT-1998 15:28:19.02 20 029D9200.DATA;1 1-OCT-1998 15:28:19.38 21 029D9200.NC;1 1-OCT-1998 15:28:19.18 After a kdestroy, two files remain from the original login. In the login example above, the following files are left: 16 029D9101.;1 1-OCT-1998 15:28:17.76 17 029D9102.;1 1-OCT-1998 15:28:19.27 Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o DCE login fails when the input for the password is not obtained from a terminal. The login fails with the error below: $ rgy_edit Current site is: registry server at /.../the_cell/subsys/dce/sec/master l princ_name -dce- login: Credentials cache I/O operation failed XXX Error in input password. Login failed. exit bye Images Affected: -- COVER LETTER -- Page 6 8 March 2001 - [SYSLIB]DCE$LIB_SHR.EXE o Allow the Credentials Cache Cleanup interval to be adjusted. Every one hour, the sec_clientd daemons delete stale credentials files out of the DCE credentials cache directory. If run in debug mode, the daemon deletes the files every five minutes. The interval is not adjustable. Changes were made to make the interval adjustable between 5 minutes and one hour. The interval cannot be greater than 60 minutes or less than 5 minutes. To set the interval, define the logical FCC_CCACHE_CLEANUP_INTERVAL, to the number of minutes between cache cleanups. The logical may be defined at the system level, or may be defined in the sec_clientd startup command procedure. If you change the interval while the security client daemon is running, the new interval will be effective after the next credentials cache cleanup. Images Affected: - [SYSEXE]DCE$SEC_CLIENTD.EXE o After the installation of Multinet 4.1 B-X, DCE will not configure. Images Affected: - [SYSMGR]DCE$SETUP_MULTINET.COM o When a DCE server system failed or was shutdown, the security client daemon on client systems would not fail over to replica server systems. DCE applications running on the client systems would be unable to refresh security credentials or have tickets validated. Images Affected: - [SYSMGR]DCE$SETUP.COM o When DEC C compiler version 6.2 is installed, compilation of the IDL generated C code may result in the following error(s) being displayed. Some DCE images were updated to fix extern model mismatches detected by the new C compiler. ........................^ %CC-W-DIFFEXMODEL, This redeclaration of "xxxxxxxxxxxxxxxx_ifdef" specifies -- COVER LETTER -- Page 7 8 March 2001 Images Affected: - [SYSEXE]DCE$IDL.EXE - [SYSEXE]DCE$RPCD.EXE - [SYSEXE]DCE$SECD.EXE - [SYSEXE]DCE$SEC_CREATE_DB.EXE - [SYSEXE]DCE$SX.EXE - [SYSLIB]DCE$SOCKSHR_DNET_IV.EXE - [SYSLIB]DCE$SOCKSHR_IP.EXE o The HOPF time provider provides year data in a 2 digit format. DCE interface to the provider had to be updated to use a sliding window to calculate the correct year. Images Affected: - [SYSHLP.EXAMPLES.DCE.DTSS]DCE$DTS_PROVIDER.C - [SYSHLP.EXAMPLES.DCE.DTSS]DCE$DTS_PROVIDER_HOPF.EXE o DECnet RPC routines did not correctly update RPC memory usage statistics used for troubleshooting. Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE - [SYSLIB]DCE$SOCSHR_DNET_OSI.EXE o After running for some time, the CDS clerk process terminates with the following error: %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual address=00000001005BA96A, PC=0000000000051A94, PS=0000001B Images Affected: - [SYSEXE]DCE$CDSCLERK.EXE o DCE applications which use the rpc_inq_stats function encounter random Accvios. There is no pattern apparent to the ACCVIOs encountered. -- COVER LETTER -- Page 8 8 March 2001 Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE - [DCE$LIBRARY]RPCTYPES.H - [DCE$LIBRARY]RPCTYPES.IDL o The is_local call did not work on DECnet OSI interface. Images Affected: - [SYSLIB]DCE$SOCKSHR_DNET_OSI.EXe o Attempting to start a DCE server with a well known endpoint, such as RPCD (port 135) or PERF server (port 2001) fails with "unable to bind socket" error, when TCP shows there is no process using the port. Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o When many clients attempt to connect to one server, the server may not be able to accept the connections as fast as the clients are requesting. Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o Only uppercase "I" is allowed for inaccuracy token input from DTSCP. Only the lowercase string "inf" was valid for infinite inaccuracy. These inputs should not be case sensitive. Images Affected: - [SYSLIB]DTSS$SHR.EXE - [SYSEXE]DTSD.EXE o The PC Name Service Interface daemon, process DCE$NSID, fails to start on systems that support DECnet as an RPC protocol. Typing the DCE$LOCAL:[000000.VAR.DIRECTORY]DCE$NSID.OUT file shows the process failed with the error message below: INFO - manage_server_key thread created INFO - tcp_protseq_ok true Error - rpc_server_use_protseq (ncacn_dnet_nsp): cannot listen on socket (dce / -- COVER LETTER -- Page 9 8 March 2001 Images Affected: - [SYSLIB]DCE$SOCKSHR_DNET_IV.EXE 7 KNOWN PROBLEMS IN ALL PATCH LEVELS OF DCE V1.5 o Configuring a server from the DCE setup and configuration menu on systems where DECNET OSI is a supported protocol fails with the error below when attempting to modify an acl on a cds namespace entry: **************************** ERROR **************************** *** Could not configure ACL info. Failed command: *** $ Dce$Acl_Edit -e /.:/ *** %CMA-F-NOMSG, Message number 10408014 %CMA-F-EXCCOP, exception raised; VMS condition code follows -SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual address=00000000004E6000, PC=FFFFFFFF8089EEFC, PS=0000001B Image(s) Affected - None. 8 KIT INSTALLATION RATING: The following kit installation rating, based upon current CLD information, is provided to serve as a guide to which customers should apply this remedial kit. (Reference attached Disclaimer of Warranty and Limitation of Liability Statement) INSTALLATION RATING: INSTALL_2 : To be installed by all customers using the following feature: Compaq DCE V1.5 for OpenVMS Alpha 3 : The kit may be installed by customer using the following feature if they are observing one of the problems fixed. Compaq COM for OpenVMS -- COVER LETTER -- Page 10 8 March 2001 9 INSTALLATION INSTRUCTIONS: Install this kit with the POLYCENTER Software installation utility by logging into the SYSTEM account. After the installation you must stop and restart DCE. On OpenVMS V7.2 systems, you must stop and restart the DCE$RPCD process using SYS$MANAGER:DCE$RPC_SHTUDOWN.COM and SYS$MANAGER:DCE$RPC_STARTUP.COM. You may ignore any/all of the following messages if they are displayed during the installation process: %PCSI-I-OBJSKP, file [DCE$LIBRARY]RPCTYPES.H pertains to an option that ... %PCSI-I-OBJSKP, file [DCE$LIBRARY]RPCTYPES.IDL pertains to an option ... %PCSI-I-OBJSKP, file [SYSHLP.EXAMPLES.DCE.DTSS]DCE$DTS_PROVIDER.C ... %PCSI-I-OBJSKP, file [SYSHLP.EXAMPLES.DCE.SX]DCESX.C pertains to an ... %PCSI-I-RETAIN, file [SYSLIB]DTSS$SHR.EXE was not replaced because file ... No reboot is necessary after successful installation of the kit. Copyright (c) Compaq Computer Corporation, 2001 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. The software contained on this media is proprietary to and embodies the confidential technology of Compaq Computer Corporation. Possession, use, or dissemination of the software and media is authorized only pursuant to a valid written license from Compaq Computer Corporation. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL COMPAQ BE LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.