ECO NUMBER: DCEECO_030_2 PRODUCT: Compaq DCE V3.0 for OpenVMS Alpha UPDATE PRODUCT: Compaq DCE V3.0 ECO2 for OpenVMS Alpha COVER LETTER 1 KIT NAME: DCEECO_030_2 2 KITS SUPERSEDED BY THIS KIT: DCE030U01 3 KIT DEPENDENCIES: 3.1 The following remedial kit(s), or later, must be installed BEFORE installation of this, or any required kit: Version of OpenVMS Required Kit(s) ------------------ ----------------------------------------- Pre-V7.2 DEC-AXPVMS-VMS62TO71U2_PCSI-V0200--4.PCSI V7.2-1 DEC-AXPVMS-VMS721_PCSI-V0100--4.PCSI DEC-AXPVMS-VMS721_UPDATE-V0300--4.PCSI V7.2-1H1 DEC-AXPVMS-VMS721H1_UPDATE-V0500--4.PCSI V7.2-2 DEC-AXPVMS-VMS722_UPDATE-V0100--4.PCSI V7.3 DEC-AXPVMS-VMS73_UPDATE-V0100--4.PCSI DEC-AXPVMS-VMS73_ACRTL-V0200--4.PCSI DEC-AXPVMS-VMS73_PTHREAD-V0200--4.PCSI V7.3-1 No required kits 3.2 In order to receive all the corrections listed in this kit, the following remedial kits, or later, should also be installed: None. 4 KIT DESCRIPTION: 4.1 Version(s) of OpenVMS to which this kit may be applied: OpenVMS Alpha V6.2,V7.1-2,V7.2-1,V7.2-1H1,V7.2-2,V7.3,V7.3-1 -- COVER LETTER -- Page 2 17 January 2003 4.2 Files patched or replaced: o [SYSLIB]DCE$LIB_SHR.EXE (new image) o [SYSLIB]DCE$SOCKSHR_IP.EXE(new image) o [SYSEXE]DCE$DCED.EXE (new image) o [SYSEXE]DCE$CDSD.EXE (new image) o [SYSEXE]DCE$CDSADVER.EXE (new image) o [SYSEXE]DCE$GDAD (new image) o [SYSEXE]DCE$KCFG.EXE (new image) o [SYSEXE]DCE$AUDITD (new image) o [SYSEXE]DCE$DCESX.EXE (new image) o [SYSEXE]DCE$DCECP.EXE (new image) o [SYSEXE]DCE$SECD.EXE (new image) o [SYSHLP.EXAMPLES.DCE.TOOLS]DCE$ETDEL.EXE (new image) o [SYSHLP.EXAMPLES.DCE.TOOLS]DCE$ETDMP.EXE (new image) o [SYSHLP.EXAMPLES.DCE.TOOLS]DCE$ETFMT.EXE (new image) o [SYSHLP.EXAMPLES.DCE.TOOLS]DCE$ETGET.EXE (new image) o [SYSHLP]DCEDCL.HLP (new file) o [SYSMGR]DCE$SETUP.COM (new file) o [SYSMGR]DCE$RPC_STARTUP.COM (new file) 5 PROBLEMS ADDRESSED IN DCEECO_030_2 KIT o When a large number of ACMSxp Processing servers are stopped and re-started several times in a loop, DCE goes into a hang state. Images Affected: - [SYSEXE]DCE$DCED.EXE o On cancellation of an RPC-call, the BG devices (Sockets)that were allocated are not released. Several such RPC call cancellations can result in a pileup of BG devices leading to a -- COVER LETTER -- Page 3 17 January 2003 resource leak. Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o Memory leak is encountered in DCE/RPC when DCOM is functional in unauthenticated mode. Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o The DCE$DCED process terminates with the following error under load: (socket) rpc_socket_disp_select *** FATAL ERROR at SOCKDISPATCH.C;1\3755 *** %CMA-F-EXCCOP, exception raised; VMS condition code follows SYSTEM-F-OPCCUS,opcode reserved to customer fault at PC=00000000007043A8, PS=0 000001B %SYSTEM-F-ABORT, abort Images Affected: - [SYSLIB]DCE$SOCKSHR_IP.EXE o The login context specific to application processes expires immediately after starting ACMSxp TP system. The TP System makes use of credentials obtained after a dce_login with "acmsxp_svr" as the principal name. Klist fails with the following error: No DCE identity available: No currently established network identity for which context exists (dce / sec) Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o The DCE$DCED process aborts with SYSTEM-F-ACCVIO when a command procedure containing dce_login and ACMSxp commands is executed in an infinite loop. Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE -- COVER LETTER -- Page 4 17 January 2003 o DCE V3.0 RPC Only configuration fails on systems with TCPWARE as the IP product. The configuration program terminates abnormally. Images Affected: - [SYSMGR]DCE$RPC_STARTUP.COM o There was a case where a NULL pointer check was not being made in RPC Runtime code. The new image takes care of this problem. Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o DCE Client configuration fails in certain cell configurations running HP UNIX DCE Servers. Client Configuration aborts with the following error message: Attempting to locate security server *** Error: can't locate security server (exiting) >>> getcellinfo: can't obtain handle to security server Entry not found (dce / rpc) Images Affected: - [SYSMGR]DCE$SETUP.COM o DCE startup fails after a system reboot. The startup procedure fails while starting the CDS Name Service Advertiser daemon. DCE$SETUP reports the following error message "Error Starting CDSADVER" Images Affected: - [SYSEXE]DCE$CDSADVER.EXE - [SYSEXE]DCE$CDSD.EXE - [SYSEXE]DCE$GDAD.EXE o Configuration Verification Procedure (CVP) on 3.0 fails intermittently with the following error. %CMA-F-EXCCOPLOS, exception raised; some information lost -DCERPC-F-COMMFAILURE, communications failure (dce / rpc) DCE for OpenVMS Alpha V3.0 CVP failed. -- COVER LETTER -- Page 5 17 January 2003 Images Affected: - [SYSEXE]DCE$DCESX.EXE o On completion of a CVP run, user was prompted twice to Hit the Return Key for displaying the SETUP menu. Eg: Press to continue . . . Press to continue . . . DCE$SETUP now displays the SETUP Menu with the first Carriage Return itself. Images Affected: - [SYSMGR]DCE$SETUP.COM o While configuring LDAP Clients into a LDAP Server Cell, the DCE$SETUP program does not report the 'password validation failure' message when there is a password mismatch. The user is now informed of the password mismatch and prompted again for the right entry. Images Affected: - [SYSMGR]DCE$SETUP.COM o DCE Online Help was not properly structured. Having all the Help topics at the top level of Help clutters up the DCL Help. New DCE DCL Help Library fixes the problem. Images Affected: - [SYSHLP]DCEDCL.HLP o When a call to rpc_binding_from_string_binding fails, the subsequent calls to this function hang forever. New RPC Runtime library fixes the bug in "rpc_binding_from_string_binding". Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o When running DCOM applications between Windows 2000 and VMS systems, several RPC_CN_CREATE_AUTH_INFO messages are logged into the DCOM$RPCSS.OUT file leading to exhaustion in disk space. This problem has now been resolved in the new image. User will need to define a logical "DCE_DISABLE_LOGGING" to 1 either system or process wide for disabling the error messages. -- COVER LETTER -- Page 6 17 January 2003 $ DEFINE/SYSTEM/EXEC DCE_DISABLE_LOGGING 1 or $ DEFINE DCE_DISABLE_LOGGING 1 Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o Failure to detect or ping an active Windows 2000 Client while running Authenticated DCOM between a Windows 2000 and Open VMS System would cause the DCOM Server applications to timeout and run down after a period of about 10 minutes. Several "RPC_CN_AUTH_VFY_CLIENT_REQ" error messages appear in DCOM$RPCSS.OUT file in intervals of 2 minutes 2001-10-02-17:01:58.468-04:00I0.629 PID#330 ERROR rpc auth CNSASSM.C;1 4654 0x01eb9740 RPC_CN_AUTH_VFY_CLIENT_REQ on server failed: invalid handle (dce /rpc) Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o Serviceability logging feature does not log the RPC information into the log files, though it creates the file. Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o Enabling Kerberos 5 Services on Alpha 7.3 and above aborts with the following error message. assert error: expression =context->refcount > 0, in file DECW$DCERESD:[SECURITY.CLIENT.RCA.SRC]INTERNAL_BINDING.C;1 at line 2706 %SYSTEM-F-OPCCUS, opcode reserved to customer fault at PC=FFFFFFFF80A5E7F4, PS=0000001B Images Affected: - [SYSEXE]DCE$KCFG.EXE o RPC Fatal Exceptions are reported in DCOM$RPCSS.OUT when running DCOM applications from Windows 2000 after a new login. DCOM$RPCSS process reports the following exception in the OUT file -- COVER LETTER -- Page 7 17 January 2003 2002-04-18-15:04:17.604-04:00I0.113 PID#21370 FATAL rpc recv CNRCVR.C;5 563 0x015a5740 (rpc_cn_network_receiver) Unexpected exception was raised Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o When the audit daemon is enabled from the dce_setup command procedure, it fails with the following error. ***Could not execute DCECP command: ***Dcecp -c audfilter create world -at {dce_sec_modify {failure denial}all} ***%CLI-W-ABVERB, ambiguous command verb - supply more characters *** Error: dcecp -c audfilter create world -at {dce_sec_modify {failure denial} all} failed (continuing) Audit daemon configuration failed Images Affected: - [SYSEXE]DCE$AUDITD.EXE o DCE client example programs located in [SYSHLP.EXAMPLES.DCE.RPC] generated using IDL "-trace log_manager" option access violate. The access viloation occurs when the symbol RPC_LOG_FILE is defined. %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual address=000000000000 0000, PC=0000000000239F68, PS=0000001B Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o DCE Startup Procedure hangs during an upgrade from 1.5 to 3.0 in RPC Only Configuration Images Affected: - [SYSMGR]DCE$SETUP.COM -- COVER LETTER -- Page 8 17 January 2003 6 PROBLEMS ADDRESSED IN DCE030U01 KIT o When an invalid dcecp command is entered, the user is returned to the DCL prompt instead of the dcecp prompt. In the example below, after the error is displayed, the "dcecp>" prompt should be output to allow the user to correct the command and continue. $ dcecp dcecp> errtext 2350- Error: The value '2350-' is not a valid integer error code. $ Images Affected: - [SYSEXE]DCE$DCECP.EXE o An ACCVIO occurs when configuring Kerberos on pre-V7.2 versions of OpenVMS. The installation should not install MIT Kerberos files on pre-V7.2 Alpha systems and configuration should not ask questions for MIT Kerberos support on systems that do not support the option. Below is a sample of the ACCVIO: $ dce_setup configure Configuring Kerberos... %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual address=000000000000 0001, PC=00000000004D0F50, PS=0000001B Images Affected: - [SYSMGR]DCE$SETUP.COM o While converting a DTS local server to a DTS global server, the following error is received: *********************** ERROR *********************** ** An error occurred attempting to log in to DCE with *** principal name "cell_admin" Sorry. Password Validation Failure. - cannot log in with zero-length password (dce / sec) Images Affected: - [SYSMGR]DCE$SETUP.COM -- COVER LETTER -- Page 9 17 January 2003 o DCE processes should be able to produce dumps during abnormal termination. In order to be able to produce dumps, user is granted the option of setting the dump logical 'DCE$DUMP_DAEMONS'.The dump daemons logical can be set using: DEFINE/SYSTEM/EXEC DCE$DUMP_DAEMONS 1 Images Affected: - [SYSMGR]DCE$SETUP.COM - [SYSMGR]DCE$RPC_STARTUP.COM o A DCOM user, running in Unauthenticated mode (no NT security credentials), fails, as follows: $ run sserver Server: CoRegisterClassObject: (null)(ee1282ca) Server: Done $ set message sys$message: DCE$RPC_MSG.EXE $ exit %xee1282ca %DCERPC-E-CANTLISTENSOCKE, cannot listen on socket (dce / rpc) Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o CNSASSM.C is not checking some memory allocation pointers for null. Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o According to the OSF documentation when a user defined authorization function returns false, the status value from the user supplied function is to be returned to the client. The RPC runtime always returns status "rpc_s_mgmt_op_disallowed" when the user function returns false. Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o ETGET and other tools should be but are not installed by the DCE 3.0 upgrade. o An attempt to start DCE fails after the start of the DCE$SECD daemon. The error "Dcecp server ping was unsuccessful on all endpoints" is output to the terminal. This error message has -- COVER LETTER -- Page 10 17 January 2003 been changed to: Unable to acquire initial login context: Authentication ticket expired. Please restart DCED Which is more descriptive of the real problem and indicates how to fix the problem, i.e. restart DCED Images Affected: - [SYSMGR]DCE$SETUP.COM o The DCE security daemon, DCE$SECD, aborts with an ACCVIO. Analysis using the SYS$MANAGER:JPI.COM tool shows the process is continually leaking page file quota. Images Affected: - [SYSEXE]DCE$SECD.EXE o DCED can crash with an ACCVIo at VA=0, PC=2C10E4.The DCE$DCED.OUT file shows: Delete DCE$SPECIFIC:[VAR.SECURITY.CREDS]DCECRED_0427F700.NC;1: No ticket 11/06/00 23:29:42 - Starting credentials cleanup 11/07/00 00:29:43 - Starting credentials cleanup 11/07/00 01:29:43 - Starting credentials cleanup Delete DCE$SPECIFIC:[VAR.SECURITY.CREDS]DCECRED_043ACA21.;2: Expired Delete DCE$SPECIFIC:[VAR.SECURITY.CREDS]DCECRED_043ACA65.;1: Old version Delete DCE$SPECIFIC:[VAR.SECURITY.CREDS]DCECRED_043ACA67.;1: Empty Delete DCE$SPECIFIC:[VAR.SECURITY.CREDS]DCECRED_043ACA68.;1: Empty 11/07/00 02:29:47 - Starting credentials cleanup 11/07/00 03:29:47 - Starting credentials cleanup 11/07/00 04:29:47 - Starting credentials cleanup %CMA-F-EXCCOP, exception raised; VMS condition code follows -SYSTEM-F-ACCVIO, access violation, reason mask=04, virtual address=0000000000000000, PC=00000000002C10E4, PS=0000001B Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o A DCE server or client process that needs to maintain a login context crashes with an ACCVIO.For example the DCE$CDSCLERK can fail with the following ACCVIO in the DCE$CDSCLERK.OUT file: %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual -- COVER LETTER -- Page 11 17 January 2003 address=0000000000000068, PC=0000000000989D50, PS=0000001B Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o Cannot configure and start an RPC only configuration on DCE V3.0. Running uuidgen results in the error: $ run sys$system:dce$uuidgen %UUIDGEN-F-RPC_MESSAGE, Received Error Status: "no IEEE 802 hardware address" Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o kdestroy does not delete the credential files at DCE$LOCAL:[VAR.SECURITY.CREDS] Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE o During startup, whenever a client application imports the binding information from the name service database using the rpc call rpc_ns_binding_import_next( )while having less than 13 free event flags the RPC call fails with the 'name service unavailable' error. Images Affected: - [SYSLIB]DCE$SOCKSHR_IP.EXE o After 10 to 12 hours DCE$CDSD and DCE$GDAD will ACCVIO. At that moment it is in a process to refresh the Server Identity. However this refresh activity fails with the error "sec_s_login_handle_invalid". Images Affected: - [SYSEXE]DCE$CDSD.EXE - [SYSEXE]DCE$GDAD.EXE o While modifying DTS configuration from Local Server to Clerk, the DTS entity representing the DTS server still exists in the lan-profile. The server entry should not exist. -- COVER LETTER -- Page 12 17 January 2003 Images Affected: - [SYSMGR]DCE$SETUP.COM 7 KIT INSTALLATION RATING: The following kit installation rating, based upon current CLD information, is provided to serve as a guide to which customers should apply this remedial kit. (Reference attached Disclaimer of Warranty and Limitation of Liability Statement) INSTALLATION RATING: INSTALL_2 : To be installed by all customers using the following feature(s): Compaq DCE V3.0 for OpenVMS INSTALL_3 : To be installed by customers experiencing the problems corrected. Compaq COM for OpenVMS 8 INSTALLATION INSTRUCTIONS: Install this kit with the POLYCENTER Software installation utility by logging into the SYSTEM account, and typing the following at the DCL prompt: PRODUCT INSTALL DCEECO_030_2/SOURCE=[location of Kit] The kit location may be a tape drive, CD, or a disk directory that contains the kit. Additional help on installing PCSI kits can be found by typing HELP PRODUCT INSTALL at the system prompt No reboot is necessary after successful installation of the kit. © 2002 Compaq Information Technologies Group, L.P. All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. COMPAQ, the COMPAQ logo, VAX, Alpha, VMS, and OpenVMS are registered in the U.S. Patent and Trademark Office. All other product names mentioned herein may be trademarks of their respective companies. Confidential computer software. Valid license from COMPAQ are required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software -- COVER LETTER -- Page 13 17 January 2003 Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. COMPAQ shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is provided as is without warranty of any kind and is subject to change without notice. The warranties for COMPAQ products are set forth in the express limited warranty statements accompanying such products. Nothing herein should be construed as constituting an additional warranty. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL COMPAQ BE LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.