Jump to page titleUNITED STATES
hp.com home products and services support and drivers solutions how to buy
» contact hp

more options
hp.com home
End of Jump to page title
HP Services Software Patches
Jump to content

» software & drivers
» ask Compaq
» reference library
» forums & communities
» support tools
» warranty information
» contact support
» parts
» give us feedback

patches by topic
» OpenVMS
» Security
» Tru64 Unix
» Ultrix 32
» Windows
» Windows NT

associated links
» what's new
» contract access
» browse patch tree
» search patch tree
» join mailing list

connection tools
» nameserver lookup
» traceroute
» ping

Find Support Information and Customer Communities for Presario.
Content starts here
DCE-VMS ALPDCE04_014 DCE V1.4 OpenVMS Alpha ECO Summary
TITLE: DCE-VMS ALPDCE04_014 DCE V1.4 OpenVMS Alpha ECO Summary
Modification Date:  23-SEP-99
Modification Type:  Updated Kit  Supersedes ALPDCE03_014

NOTE:  An OpenVMS saveset or PCSI installation file is stored
       on the Internet in a self-expanding compressed file.
       The name of the compressed file will be kit_name-dcx_vaxexe
       for OpenVMS VAX or kit_name-dcx_axpexe for OpenVMS Alpha.
       Once the file is copied to your system, it can be expanded
       by typing RUN compressed_file.  The resultant file will
       be the OpenVMS saveset or PCSI installation file which
       can be used to install the ECO.
Copyright (c) Compaq Computer Corporation 1999.  All rights reserved.

PRODUCT:    Distributed Computing Environment For OpenVMS (DCE)

OP/SYS:     DIGITAL OpenVMS Alpha 

SOURCE:     Compaq Computer Corporation


     ECO Kit Name:  ALPDCE04_014
     ECO Kits Superseded by This ECO Kit:  ALPDCE03_014
     ECO Kit Approximate Size:  29,916 Blocks
                    Saveset A -     90 Blocks
                    Saveset B - 29,826 Blocks

     Kit Applies To:  OpenVMS Alpha V6.2, V6.2-1H2,
                                    V6.2-1H3, V7.1,
                                    V7.1-1H1, V7.1-1H2

     System/Cluster Reboot Necessary:  No (See Installation Notes)
     Rolling Re-boot Supported:  Not Applicable 
     Installation Rating:  2 - To be installed on all systems running
                               the listed version(s) of OpenVMS and
                               using the following feature(s):

                               This remedial kit contains many Year 2000 
                               related fixes.  Any system running DCE 
                               must have this kit installed.

     Kit Dependencies:

       The following remedial kit(s) must be installed BEFORE
       installation of this kit:


       In order to receive all the corrections listed in this
       kit, the following remedial kits should also be installed:



An ECO kit exists for DCE V1.4 on OpenVMS Alpha V6.2, V6.2-1H2,
V6.2-1H3, V7.1, V7.1-1H1, V7.1-1H2.  
This kit addresses the following problems: 


   o  Fix memory leaks in DCE DECnet OSI Socket interface image

          DCE daemons and DCE user applications terminate abnormally due
          to  with  page  file  exhaustion.   For  Example, DCE endpoint
          mapper, DCE$RPCD, aborts unexpectedly on systems where  DECnet
          OSI  is a supported DCE protocol.  Examination of the rpcd out
          file shows insufficient dynamic memory errors.

          $ type Dce$Specific:[Var.Rpc.Adm]DCE$RPCD.Out
          (socket) (SOCKET_MEM_ALLOC) *** FATAL ERROR at SOCKMEM.C;1\293 ***
          %SYSTEM-F-INSFMEM, insufficient dynamic memory%CMA-F-EXCCOP, 
          exception raised;
          VMS condition code follows

          Please note, there are still memory management  problems  with
          DCE  when  DCEnet  OSI  as  used  as a transport.  If you site
          requires 24 by 7 operation, it you can disable DECnet OSI as a
          DCE protocol if you have no application requirementto use OSI.

          Installation of the DECthreads kit, ALPTHREADS04_071 is highly
          recommended  on  Alpha V7.1 systems.  Page file leakage of DCE
          process is greatly  reduced  after  the  installation  of  the
          ALPTHREADS04_071 kit.

          Three memory leaks were fixed in the DCE OSI socket  interface

          o  Work-arounds:

          Disable  DECnet  OSI  as   a   DCE   transport   by   defining
          RPC_SUPPORTED_PROTSEQS  or  by  defining the DECnet OSI socket
          shareable image to null with:

            $Define/Sys/Exec DCE$SOCKSHR_DNET_OSI NL:

     o  Eliminate two zero block files left in the  credentials  cache
        directory after a dce_login followed by a kdestroy.

          When a dce_login is performed, six files are  created  in  the
          credentials                  cache                  directory,
          DCE$SPECIFIC:[VAR.SECURITY.CREDS].    An   example   is    the
          following files:

                 16   029D9101.;2           1-OCT-1998 15:28:18.37
                 17   029D9101.;1           1-OCT-1998 15:28:17.76
                 18   029D9102.;1           1-OCT-1998 15:28:19.27
                 19   029D9200.;1           1-OCT-1998 15:28:19.02
                 20   029D9200.DATA;1       1-OCT-1998 15:28:19.38
                 21   029D9200.NC;1         1-OCT-1998 15:28:19.18

          After a kdestroy, two files remain from  the  original  login.
          In the login example above, the following files are left:

                 16   029D9101.;1           1-OCT-1998 15:28:17.76
                 17   029D9102.;1           1-OCT-1998 15:28:19.27

          DCE uses  UNIX  style  file  processing.   When  creating  the
          initial cache file, 029D9101 in the example above, a version 1
          file   is   created   by    allocate_krb5_info    call    from
          sec_login_pvt_setup_identity.     A    subsequent    call   to
          krb5_cc_initialize opens this file  with  the  requirement  to
          create  a  new  version.  On VMS this creates version 2 of the

          When sec_login_set_context is called  later  during  login,  a
          similar  problem  happens.   To  create  the CC data file like
          029D9200.DATA;1 in the example  above,  a  temporary  file  is
          used.  The temporary file is created, closed and then reopened
          creating two files (029D9200.;1 and 029D9200.;2).  The  second
          version  of the file is populated with the data and renamed to
          029D9200.DATA.  The first version is left.

     o  Allow dce login password input from a command procedure

          DCE login fails  when  the  input  for  the  password  is  not
          obtained  from  a  terminal.   The  login fails with the error

          $ rgy_edit
          Current site is: registry server at /.../adu26a_cell/subsys/dce/sec
          l cell_admin
          login: Credentials cache I/O operation failed XXX Error in input 
          password. Login failed.


          o  Work-arounds:

          Perform a DCE_LOGIN  prior  to  using  DCE  utilities.   Limit
          procedures to run only until the current login expires.

     o  Allow the Credentials Cache Cleanup interval to be adjusted.

          Every  one  hour,  the  sec_clientd  daemons   deletes   stale
          credentials  files out of the DCE credentials cache directory.
          If run in debug mode, the daemons deletes the files every five
          minutes.   The  interval is not adjustable.  Changes were made
          to make the interval adjustable  between  5  minutes  and  one
          hour.   The interval cannot be greater than 60 minutes or less
          than 5 minutes.

          To    set     the     interval,     define     the     logical
          FCC_CCACHE_CLEANUP_INTERVAL,  to the number of minutes between
          cache cleanups.  The logical may  be  defined  at  the  system
          level,  or  may  be defined in the sec_clientd startup command
          procedure.  If you change  the  interval  while  the  security
          client  daemon  is running, the new interval will be effective
          after the next credentials cache cleanup.

     o  New version V5.0 of TCP/IP services  for  OpenVMS  will  cause
        configuration failures in DCE setup procedures.

        **** IMPORTANT NOTICE ****
     If you have customized the DCE$SETUP.com at your site,  you  should
     remove  the  DCE$SETUP.com  and DCE$SETUP_UCX.com installed by this
     procedure after installation.   The  site  specific  customizations
     will  need to be made to the new versions of the command procedures
     and installed at a later time

     For  example  if  you  have  increased   DCE   daemon   quotas   in
     DCE$SETUP.COM  for  using MULTINET, you will have to make the quota
     adjustments to the version of DCE$SETUP.COM supplied in this kit.

              **** END NOTICE ****

          A new version of TCP/IP services for OpenVMS is shipping which
          eliminates  some of the UCX commands used by the DCE$SETUP.COM
          and DCE$SETUP_UCX.COM procedures.

          o  Work-arounds:

          Manually edit the setup files.

     o  Fix  DCE$SETUP  start  of   configure   failures   after   the
        installation of Multinet 4.1 B-X

          Updates to multinet changed  the  BGO  device  characteristics
          breaking old logic checking if multinet was installed.

     o  Fix problem where accounts  created  from  VMS  1.4  and  V1.5
        system could not be used in rpc authentication calls to NT DCE
        2.2 and Unix DCE 3.0 servers.

          An account created from a V1.4  or  V1.5  OpenVMS  system  via
          rgy_edit  caused a principal unknown error to be returned from
          a NT 2.2 or UNIX 3.0 system when  the  principal  account  was
          used in an rpc_binding_set_auth_info() call.

     o  Restart of RPCD or PERF server  fails  with  "unable  to  bind

     Attempting to restart a DCE server with a well known endpoint, such
     as  RPCD  (port 135) or PERF server (port 2001) failed with "unable
     to bind socket" error, when there is no  process  using  the  port.
     This problem is corrected.

          Attempting to restart a DCE server with a well known endpoint,
          such  as RPCD (port 135) or PERF server (port 2001) fails with
          an "unable to bind socket" error, when  there  is  no  process
          using  the  port.   Restart  of RPCD could fail with a message
          that  RPCD  was  already  running.   Client  incoming  packets
          referencing the well-known endpoint create Port Control Blocks
          for the endpoint.  A socket cannot be bound to a port with  an
          existing PCB unless the SO_REUSEADDRESS socket option is set.

Problems addressed in the ALPDCE03_014 kit:

  o  Configuring an OpenVMS DCE 1.4 client into  a  Gradient  server
     running on NT 4.0 results in the following error:                        
       Establishing security environment for principal "cell_admin" . . .       
       ****************************    ERROR    ****************************    
       ***  An error occurred while setting up the security environment         
       ***  using principal name "cell_admin"                                   
       Error: Cannot validate identity for principal "cell_admin"               
       who are you failed (dce / rpc) 236094202                                 
       %SYSTEM-F-ABORT, abort                                                   

  o  Servers abort with the following error messages:

       + Listening...
         (socket) rpc__socket_disp_select
         *** FATAL ERROR at SOCKDISPATCH.C;1\3668***
         %CMA-F-EXCCOP, exception raised; VMS condition code follows
         -SYSTEM-F-OPCCUS, opcode reserved to customer fault at
         %SYSTEM-F-ABORT, abort

  o  User applications passing fixed  arrays  containing  structures
     between  Alpha OpenVMS and other platforms encounter corruption
     in the array contents.

  o  IDL compiler does not find file in a search list:

         $ define idl_sources W1:[GUY.DCE_EXAMPLES.TEST1],

         $ Directory W1:[GUY.DCE_EXAMPLES.TEST1]

         TEST1.IDL;1   3/3  6-JAN-1993 10:54:38.21 (RWED,RWED,,RE,)

         Total of 1 file, 3/3 blocks.

         $ sho log idl_sources
                = "W1:[GUY.DCE_EXAMPLES]"

         $ set def idl_sources

         $idl test1

         %IDL-E-OPENREAD, Unable to open idl_sources:[guy]test1.idl
                          for read access
         %IDL-E-SYSERRMSG, System error message: no such file or directory
         %IDL-F-COMPABORT, Compilation aborted

Problems addressed in the ALPDCE02_014 kit:

  o  The ALPDCE01_014 remedial kit did not install on OpenVMS Alpha
     hardware versions.  The ALPDCE02_014 remedial kit corrects

Problems addressed in the ALPDCE01_014 kit:

  o  When the security server is not running, sec_login_refresh_identity()  
     returns an undocumented status code, 336760967.  The documentation 
     states that the sec_rgy_server_unavailable status code should be 
     returned.  Example programs from OSF and other vendors show the 
     refresh thread testing for the sec_rgy_server_unavailable status 
     to determine if the refresh should be retried.

  o  Executing any RPCLM command results in a fault invalid bound
     message on Alpha systems.

       $RPCLM String Binding of Server:ncadg_ip_udp:[2301]
        RPCLM> inq
       %CMA-F-EXCCOPLOS, exception raised; some information lost
        -DCERPC-E-FAULTINVALIDBOU, fault invalid bound (DCE / RPC)

  o  In the directory DCE$SPECIFIC:[KRB5], there are hundreds of
     versions of KRB5KDC_RCACHE created by the DCE$SECD process.  
     These files do get cleaned up during a CLEAN operation but, 
     they are not cleaned up during a start or restart of DCE.

  o  If you do not include  prior to including  
     the header will not compile because it uses the datatype FILE*.

  o  Attempting a kinit on an OpenVMS system results in the 
     following error:  

       $ kinit cell_admin
       $5$dkb0:[sys0.syscommon.][sysexe]dce$kinit.exe;4: Malformed
         representation of principal when parsing name T@

  o  When an 'Illegal state transition' occurs, the correct state
     is not reported.  The code corrupts the state before
     reporting it.  A state of 255 is reported and is meaningless
     because it is the code for No State.

  o  Print 4 digit years on output from DCE processes.  Allow four
     digit data inputs from DCE administration functions.  Fix leap
     year calculations for years after 2017.

  o  It has been discovered that OSF/DCE has a potential problem in
     the security server that could allow for a denial of service

     If a principal, group, or organization is greater than 1024
     characters (including the cell name, so the actual name limit
     is less than 1024) when passed to security daemon (secd), it
     will cause secd core dump.  The buffer is overrun causing
     memory corruption.  In certain cases, the lookup attempt (or
     add or whatever) on the client will then rebind to another
     secd to make the request, eventually crashing all security
     daemons in the cell.

  o  The new Pathway IP version can cause DCE setup to abort
     abruptly with error messages.  Pathway changes the output of
     an image that returns the Pathway version.  This causes output
     parsing routines to fail because they search for runtime on
     the line containing the version.


     Install this kit with the VMSINSTAL utility  by  logging  into  the
     SYSTEM account, and typing the following at the DCL prompt:

     @SYS$UPDATE:VMSINSTAL ALPDCE04_014 [location of the saveset]

     The saveset location may be a tape drive, CD, or a  disk  directory
     that contains the kit saveset.

     No reboot is necessary after successful installation of the kit.

Files on this server are as follows:
privacy statement using this site means you accept its terms