Known issues and limitations

Problem

Virtual instance deployment that is failed with the error displayed as CWZIP2018E. The group deployment operation failed because deployment of at least one member of the group fails with error ${vmname} : CWZIP2016E and the deploy operation failed error appears as

Deployment error: CWZIP8003W The virtual machine is in an error state - No valid host was found. No suitable host could be found due to the storage configuration. Please ensure there are available hosts in the Storage Connectivity Group and that there is sufficient storage capacity for this operation and retry your request.

Root cause

The storage connectivity group is Inactive in PowerVC. This issue is seen when compute node is re-registered to PowerVC.

Resolution

Verify that fiber channel ports connectivity type is set to vSCSI and wait until Storage connectivity group PureApp_Default is OK in PowerVC.

Problem

During installation Servicd64 struck a ‘Failed offline’ state.

Resolution

To resolve this issue, do these steps:

1. After the script completes, ensure that the psm services are in online state by running the psm info all command.
2. If Service64 is not in online state, run the following commands to bring the Service64 to online state. If Service64 is in Failed offline state, then run psm reset Service64 command to move it to starting state and then run the following commands:
   • /data/purescale-install/tsa/runTSAServerCommand.sh stop ipas-float- db2instance-db2inst 2>&1 | /data/purescale-install/tsa/tsalogger.sh ipas-float- db2instance-db2inst stop ; (exit $PIPESTATUS)
   • /data/purescale/db2_11.5.8.0/bin/db2gcf -s -i db2inst
   • /data/purescale-install/tsa/runTSAServerCommand.sh start ipas-float- db2instance-db2inst 2>&1 | /data/purescale-install/tsa/tsalogger.sh ipas-float- db2instance-db2inst start ; (exit $PIPESTATUS)
   • /data/purescale/db2_11.5.8.0/bin/db2gcf -s -i db2inst
3. Wait for 20 minutes to get the rest of the services to online state, which states all service of PSM will be in online (green) state.
4. If service64 does not start and the following error appears in the /var/log/purescale/ipas.tsaserver/ipas-float-database-ipasdb.log file.

   <start>  utils.process  | [stderr] FINER: Unable to query database with current connection object
   
   [08-24-24 10:36:13] 3313  <start>  utils.process  | [stderr] com.ibm.pdq.runtime.exception.DataRuntimeException: [pdq][0][2.7.116] CWPZC9001E: Could not obtain Connection from org.apache.commons.dbcp.PoolingDataSource;  Caused by: com.ibm.db2.jcc.am.SqlNonTransientConnectionException: DB2 SQL Error: SQLCODE=-20157, SQLSTATE=08004, SQLERRMC=DB2IPAS;QUIESCE DATABASE;;, DRIVER=4.14.113

5. Do these steps to bring the services to the online state:
   • /data/purescale/db2_11.5.9.0_special_43682/bin/db2gcf -s -i db2inst | grep 'DB2 State'
   • /data/purescale/db2_11.5.9.0_special_43682/bin/db2gcf -u -i db2inst
   • resetrsrc -s "Name?='ipas-float-db2instance-db2inst'" IBM.Application

Problem

CPU utilization of the compute node is displayed as 0.

Root cause

The query job is not able to calculate the compute node CPU utilization from HMC.

Resolution

• To resolve this problem, do the following:
  • Enable performance data collection. For more information on enabling data collection, see https://www.ibm.com/docs/en/power10?topic=gs-enabling-data-collection
  • Configure VM utilization sampling state to 60 seconds by using the command HMC.chlparutil -r config -s 60. For more information, see https://www.ibm.com/docs/en/power10/000V-HMC?topic=commands-chlparutil

Problem

Virtual instance deployment that is failed with the error displayed as CWZIP2018E. The group deployment operation failed because deployment of at least one member of the group fails with error ipas-vm25-187-064-118-OS_Node_1.11725422770404: CWZIP2016E and the deploy operation failed error appears as

Deployment error: CWZIP8003W The virtual machine is in an error state - Build of instance e3e5de5e-9807-4bbd-b57c-526b17045ae2 aborted: Failure prepping block device.

Root cause

Storage provider connection needs manual refresh after PowerVC reboot.

Resolution

In PowerVC UI, go to storage list > edit connection and then save the connection by entering password. This establishes the storage connection again. .

Problem

Service 55 shows the Stuck online state intermittently after a failover or after a Platform System Manager (PSM) restart or shutdown. Therefore, High Availability (HA) results in error or offline states.

Resolution

To resolve this problem, log in to the Platform System Manager (PSM) console and run the following command from the leader Platform System Manager (PSM):

psm automation reload

Problem

Bring your own OS image and customize by using the AIX OS pattern kit is not supported.

Resolution

Clients must use the OS image that is provided by the Cloud Pak System.

Problem

As a read-only user, you cannot deploy the Db2® pattern when the Fenced user and Instance owner password fields are already saved with the password in the Pattern Builder page.

Root cause

When you open any Db2 pattern with the already saved passwords by write or admin user, these passwords are visible as asterisks (********) according to the function. The Fenced user and Instance owner password fields do not allow asterisk symbols. Due to this restriction, during the deployment time you see a validation issue on these two fields.

Symptom

When you save the password on the Pattern Builder page and log in as a read-only user, the Fenced user and Instance owner password fields are highlighted in red color. On the Deploy Pattern page, when you click Quick Deploy or Prepare to Deploy without updating the highlighted password fields, the following message is displayed:

Configuration validation error - One or more parameters have not been specified correctly.

Resolution

On the Deploy Pattern page, delete the passwords if they are highlighted in red color. Re-enter the Fenced user and Instance owner passwords and then deploy the pattern.

Problem

If the resources in the cloud group are insufficient or if the stuck volume is in unknown state on the storage controller page, the error message Unable to attach volume is displayed in the failed job log of instance.

Error message

pooljvm.1733288210558.855 [12-04-24 04:59:46] 0032 pooltask| java.lang.RuntimeException: com.ibm.purescale.iaas.util.exception.IaaSApplicationException: CWZIP1977E The 'Attach Volume' operation has failed.

If the stuck volume on the Storage_Resources > Luns page is in unknown state, the null pointer exception is displayed in the storage_controller job.

Error message

pooljvm.1729083424743.35835 [10-16-24 12:58:58] 0045 pooltask | java.lang.NullPointerException

Problem

After deleting the Db2 ptype from Pattern development > Pattern Types, Db2 Fix Packs (Virtual Systems) menu is missing.

Symptom

After deleting the Db2 ptype, the Db2 Fix Packs menu will disappear. If you go to Pattern development> Fix packs section, the Db2 Fix Packs (Virtual Systems) menu is not visible.

Resolution

Upload the deleted Db2 ptype to the CPS, it will fetch the Db2 Fix Packs menu. If Db2 ptype is not in use, keep it in disable state.

Note: Do not delete the Db2 ptype instead you can disable it.

Users cannot create or edit a virtual machine by specifying its name as purevCenter. It is a known limitation. This name is reserved. Instead, specify a different name.

Problem

When you download job logs from the Jobs Queue page of the IBM Cloud Pak System user interface, they download as .zip files and do not get extracted. When the job has large log files, it gets created as multiple .gz files, and all these .gz files are compressed to a single .zip file, which gets downloaded but is not extractable.

Resolution

Use the IBM Cloud Pak System command-line interface (CLI) and manually extract the .zip file to view the individual .gz file.

Before pattern deployment or auto scaling on an instance, IBM® Workload Deployer (IWD) does not validate the status of the compute nodes or availability of resources (storage, CPU, and memory) for both environment profile or cloud group.

In horizontal auto scaling, though no virtual machine is provisioned in the hypervisor, the virtual machine record appears in the pattern instance page. It happens when the compute node is not in running state or has insufficient resources in the environment profile, cloud group, or compute node.

As a resolution, ensure that sufficient resources (storage, CPU, and memory) are available in the environment profile, cloud group, or compute node where you deploy the pattern or where the auto scaling is enabled. If problem persists, contact IBM Support.

Problem

The blocked ipas.async jobs might cause the backup jobs to go into a Failed or Pending state after waiting for a job completion.

Workaround

To address this issue, take the blocked job ID from the backup job logs. For example, the job ID can be as follows:

95bc13db-6125-48ed-93aa-73f394dcf48b

Then, do these steps:

1. Run the service purescale status command in the leader Platform System Manager (PSM) and get the process identification number (pid) for the blocked job.
2. Run the kill -9 <pid> to kill the blocked job.
3. Run the backup job again after you make the preceding changes.

<message>/opt/IBM/WebSphere/Plugins/config/actionRegistry/actio ns/99SBootStrapPluginsIHS.ant:908:Execute failed: java.io.IOExce "/bin/bash" 
(in directory "/opt/IBM/WebSphere/Plugins/config/actionRegistry/actions"): error=2, A file or directory in the path name does not exist.

The fix for this APAR is targeted for inclusion in IBM WebSphere Application Server fix pack 8.5.5.24 and 9.0.5.16. For more information, see Recommended Updates for WebSphere Application Server.

As IBM Cloud Pak System Software for Power does not support the File-Based Backup and Restore function of the VMware vCenter Server Appliance, ignore the error for the vCenter Server Appliance Management Interface (VAMI) restore.

To complete the restore process, use the component level restore and skip the Virtual appliances component. For more information, see Restoring component level data.

Problem

When you log in to the IBM Cloud Pak System user interface and try to access the virtual machine console, it is not accessible and redirects to an error page with the following message:

Not Found
The page you have requested has flown the coop.
Perhaps you are here because:


The page has moved
The page no longer exists
You were looking for your puppy and got lost
You like 404 pages
Go Home

Workaround

Log in to the virtual machine by using Secure Shell (SSH) from a terminal window to access the virtual machine console.

Problem

Do not use the IBM OS Image for Red Hat Linux Systems Red Hat Enterprise Linux 64-Bit Version 8.6 (RHEL 8.6 X64), Version 4.0.1.0 image for RHEL 8.6 deployments in IBM Cloud Pak System.

Workaround

Instead, use the IBM OS Image for Red Hat Linux Systems Red Hat Enterprise Linux 64-Bit Version 8.6 (RHEL 8.6 X64), Version 4.0.2.0 image for RHEL 8.6 deployments in IBM Cloud Pak System.

Problem

As a user, you might encounter an event as follows:

“HMC-Hardware problem.: (XXXXXXX) Management Console (MC) RMC connection to partition monitoring fault”

To determine and troubleshoot whether the problem is with the RMC connection or whether it is a fault alarm that is notified due to momentary failure in RMC connections, you must download the system troubleshooting logs.

Workaround

Do these steps:

1. Log in to the IBM Cloud Pak System user interface.
2. Go to System > System troubleshooting > Collect system logs > Platform System Manager management (most common) logs.
3. Download and extract the collected mgmt_node_leader/pvmInfo.txt log file to your system.
4. Open the file in an editor for edits.
5. Check for the “LPAR RMC summary: RMC is active on (n of n) Running LPARs” string in the log file, where ‘n’ is the virtual machine (VM) count. For example, see the following log block:

   HMC-1: address: <ipaddress>  version: V8R8.7.0 - Build level 1712090351
      Server-8284-22A-SN7899CEX  state: Operating address: fe80:0000:0000:0000:0a94:efff:fe80:1e91%eth0 fsp_version: 01SV860_138 fsp_exp_date: 05/09/2071
         vios2 state: Running rmc_state: active address <ipaddress> :4d01 version: VIOS 3.1.0.21 (31021P3) HA: BACKUP_SH
         vios1 state: Running rmc_state: active address: <ipaddress> :4561 version: VIOS 3.1.0.21 (31021P3) HA: PRIMARY_SH
         VIOS RMC verificaton test: passed
        LPAR RMC summary: RMC is active on (21 of 21) Running LPARs

   In this example, (21 of 21) indicates that 21 active connections with 21 virtual machines are available, where 21 is the number of virtual machines that are deployed in the HMC. If the count is less that 21, it indicates that a problem exists.

6. See whether all the RMCs are active or not.
7. If all RMCs are active, you can ignore the event. If any RMC is missing or is not equivalent to the virtual machine count, contact IBM Support.

Problem

A Must Gather Logs script package from the Virtual System Instances page of the IBM Cloud Pak System user interface might fail due to a large /var/log/lastlog sparse file in Red Hat Enterprise Linux (RHEL) virtual machines. For more information, see https://access.redhat.com/articles/3314. With the help of an external configuration file, users can exclude the /var/log/lastlog file.

Resolution

If you want to exclude files from the Must Gather Logs script package, create an external configuration file that is called as scriptpackage.cfg in the relevant directory. Add the 'mustgatherexcludefiles' key with comma-separated values of the files that you want to exclude. To exclude the files from the Must Gather Logs script package run, complete these steps:

1. Create the scriptpackage.cfg file in the relevant directory with the necessary configuration.
2. Run the Must Gather Logs script package from the Virtual System Instances page of the IBM Cloud Pak System user interface.
3. If needed, you can also verify the logs.

Use the following structure of the scriptpackage.cfg configuration file:

[mustgather]
mustgatherexcludefiles =

For example, do these steps:

1. To exclude the /var/log/lastlog file, create the scriptpackage.cfg file in the /var/log directory with the following entry:

   [mustgather]
   mustgatherexcludefiles = /var/log/lastlog

2. To exclude the /var/log/lastlog and the /var/log/tallylog files, create the scriptpackage.cfg file in the /var/log directory with the following entry:

   [mustgather]
   mustgatherexcludefiles = /var/log/lastlog, /var/log/tallylog

Problem

The OpenShift Container Platform cluster does not start gracefully if the cluster needs to be restarted for some reason such as an OpenShift Container Platform upgrade.

Workaround

During restart of the OpenShift Container Platform cluster, ensure that all the OpenShift Container Platform nodes (master, worker, and bootstrap) are started after the primary helper node is started. The OpenShift Container Platform nodes require the DNS or DHCP services to be available during startup, which runs on the primary helper node. Therefore, the primary helper node must be up and running before the OpenShift Container Platform nodes are started.

Problem

In IBM Cloud Pak System, Horizontal Scaling actions such as Horizontal Scaling - Add Nodes or Horizontal Scaling - Remove nodes on the Manage > Operations page of the IBM Cloud Pak System user interface might not be available for IBM Control Desk Pattern Type.

Workaround

You must redeploy the instance with the requisite number of nodes. Contact IBM Support for assistance.

Problem

For Windows Server 2019 deployments on IBM Cloud Pak System, the Instance Console (Manage button on pattern instance) page of the IBM Cloud Pak System user interface does not work due to some underlying issues.

Workaround

Access the virtual machines directly through a remote desktop application to conduct any management operations such as installing a fix.

Problem

Some of the menu headers such as Instance Console, admin, and other headers might not be available for deployed instances on the Instance Console page of the IBM Cloud Pak System user interface.

Workaround

It is a known limitation, which is expected to be fixed in the upcoming release.

Problem

The Shared-Services System-Monitoring External-Service instance upgrade fails with the following message:

Upgrade System Monitoring external mode is not supported.

Workaround

Deploy a new version of the Shared-Services System-Monitoring External-Service pattern on IBM Cloud Pak System. For any information, contact IBM Support.

If the target IBM Tivoli® Monitoring shared service pattern includes middleware binary updates, then the instance upgrade would not be complete.

Problem

During the IBM Tivoli Monitoring shared service upgrade, the pattern code only gets upgraded and not the middleware binaries. Irrespective of the instance upgrade success, as the middleware binaries are not upgraded the instance upgrade is incomplete.

Workaround

You must delete the older IBM Tivoli Monitoring shared service and deploy the new shared service by using the latest IBM Tivoli Monitoring pattern type.

Problem

During the MDM 11.6.0.10 pattern deployment, the Db2 script fails and states that the mount point /db2inst is not found. However, it is observed from the logs that the mount point gets created from the add-on around few seconds after the Db2 script checks for it.

Workaround

Retry the MDM 11.6.0.10 pattern deployment process when you encounter this mount point timing problem.

Additional IP addresses cannot be assigned to the virtual machine from the Virtual Machines page. After a successful deployment of virtual appliance and virtual instance, you cannot successfully assign or configure additional IP addresses to the virtual machine from the Virtual Machines page. If you do so, the IP addresses are seen as assigned on the Virtual Machines page but they fail to assign to the virtual machine.

The deployment is successful. However, the instance expiration encounters an issue such as the local virtual machine shows as Terminated and is not available on the system. The remote virtual machine is listed as Stopped on the Virtual System Instances page and is still available on the remote system. Thus, the instance does not get deleted at the said expiration time.

The instance deployment hangs in Launching state. The problem is with the Default configure NIC add-on. Even if the virtual machine is created and is accessible, the NIC is not configured successfully and hence the failure.

The virtual pattern is deployed successfully but fails to configure the added NICs. The virtual machine is created with just one IP address.

Sometimes, few of the job logs might disappear too quickly even before you access them. If the filesystem usage is high or exceeds a certain value (around 80%), then the automatic jobs (an internal job-logs reaping mechanism) get triggered to clean up the logs and free up the disk space.

The job logs are preserved after the filesystem usage is lesser than 80%.

“errorMessage”: “Internal Server Error”,
   “rootCause”: “com.ibm.maestro.util.wrapper.exception.MaestroServerException: Internal Server Error”,
   “errorStatusCode”: 500,
   “message”: “Internal Server Error”

When you see this error, provide alternative names for the Multi cloud environment profile to create a successful Environment Profile.

If a username contains more than 64 characters, in such scenarios the Access granted list is not visible in pattern instances or environment profiles. To address this issue, delete the user that has more than 64 characters.

You might encounter some user interface elements such as labels, menus, etc. that might not show up properly when you navigate between pages.

To address this issue, either refresh the page or logout and login again.

In a multi-cloud environment profile, set the same value across the systems for IP addresses provided by.

The license reaper job under System Job Queue might remain in Running state for a day or two. It might also cause issues such as deployment failures, system backup failures, upgrade failures. If you encounter this issue, contact IBM Support for assistance.

The pattern that you created with the Add disk to IBM CloudPak Agent addon fails to deploy. Contact IBM Support for assistance.

When you create a Red Hat Enterprise Linux (RHEL) image in OVA format with the RHEL ISO file, it results in some known issues. As an alternative, extend the RHEL OS image and customize it according to your requirement. For more information, see Extending and capturing virtual images.

If you notice issues while you access the Service console with a newly created user, then contact IBM Support.

• The administration report name is in English for all non-English languages. Though the name of the report is in English language for non-English locale user interface, continue to download the report as the actual contents of the report are in the expected local language.
• Filtering based on user or users group and date does not work.

When you attach a block volume to a virtual machine from the Virtual Machines page, it sometimes fails and the volume goes into Pending state. If you encounter this failure, contact IBM Support for assistance.

Multisystem environment

• If there is a scheduled pattern deployment that deploys on both local and remote systems, then the instance might not show up in the Virtual Instance page of the remote system. However, after the deployment starts, it gets listed in launching state in the Virtual Instance page for both local and remote systems.
• If a virtual machine of an instance is available in the local system, then its details can be modified by a non-owner who does not have the necessary permissions. If all the virtual machines of an instance are on remote systems, then an update of the instance by a non-owner might fail with the following error:

  CWZKS0413E: Failed to send updateDeployment command for deployment-id. 
  CWZKS7600E: No data available fromrack: Service failed to authenticate 401"

  Before you update, make sure that the user ID has all the permissions on the instance.

• If an instance has virtual machines both on local and remote systems, then the generated Chargeback report includes details only for the virtual machines in the local system. If all virtual machines of an instance are available in remote systems, then the report does not include any details of that instance.
• Deployments across different remote systems might encounter errors when the respective deployment is set to maintenance mode.

  This problem occurs when a multi-system deployment has the master node in a different system and you configured it based on the hostname.

  As a resolution, do either of the following options:

  • Set the deployment to maintenance mode from another system.
  • In both the systems (including master), edit the /data/config/hostallowlist.txt file to add the fully qualified domain name of both the systems.

  For any further issues, contact IBM Support.
• In the Operations tab of the Virtual System Instance > Instance Console page, you might not see the Manual Scaling > Vertical Scaling - Modify memory size option for some virtual machines.
• The Revert button to revert the changes might be disabled when you update an instance. In such a case, you cannot revert the changes that are made to the instance, but can commit the changes or resume the previously taken snapshot.
• The Run until deployment option might not work as expected for remote virtual machines. Even if the time reaches the value that is set for Schedule > Run until, the instance does not get deleted. Some of the virtual machines remain in Stopped state while others stay in Terminated state.
• A virtual machine workload instance gets deployed on a system based on the placement algorithm. However, the password policy check occurs against the password policy that is configured for that specific environment profile in each Platform System Manager (PSM). The specific system where the virtual machine gets deployed is not considered.
• Loading Environment Profile takes some time

  This issue is due to the synchronization across the systems of a multi-system environment. For example, if a property gets changed in a remote system, you need to refresh the data in other systems of that environment. To achieve that, from each of the systems in the environment, you must have an additional parameter that is sent in the request API as refresh=true. This operation deletes the older storehouse JSON and creates a new JSON with latest values.

• Environment limits and license gets wrongly applied during deployment

If a user does not have Workload resources administration permissions of type View all workload resources (Read-only) or Manage workload resources (Full permission), then the user cannot view the deployed instances of other users even if they grant permissions. The workaround for this issue is to provide the user with read/full permission on Workload resources administration.

• Environment profile restore operation does not link with cloud groups that are on a remote server

  Problem

  In IBM Cloud Pak System, cloud groups in a multi-system setup might not get attached to an environment profile after a restore operation.

  Workaround

  You must manually attach or link the cloud groups with an environment profile. If you need further assistance, contact IBM Support.

• Environment profile component restore does not reset original parameter values

  Problem

  Component restore of environment profiles does not reset the individual values of environment profiles parameters to their earlier values when the environment profile component backup was taken.

  Workaround

  You must manually set these values again.

• Restore from system backup: A manually initiated or scheduled system backup is needed post Platform System Manager (PSM) failover. Each PSM has a unique encryption-related key that must be copied to the backup server host. Hence, it is essential to initiate a full system backup and avoid delta backup after a PSM failover.

  Note: If the full system restore is successful, verify whether the High Availability Status in PSM is online before you attempt operations, for example, pattern deployment.

  If PSM failover occurs, then restore to any backup that was taken after the failover. This action ensures that no encryption-related key mismatch exists and the restore is successful. If you initiate restore after PSM failover without a system backup, then the system restore fails with the following errors.

  • PSM nodes change to Ineligible state.
  • After a few hours, one of the PSM node state changes to 'Non-leader'.

  To restore the PSM and resume online services, contact IBM Support.

  A full system restore job might fail with other network errors even when the metadata files and databases are restored and even after a successful system restart. Determine whether the system is in a healthy state. If not, contact IBM Support.

• When you back up Pattern Types > Workload component, the job fails with the following error:

  CWZIP1900E An internal error com.ibm.iaas.backup.util.BackupRestoreException: CWZIP9548E Return from GET on patternTypes/itm/1.0.17.0/export?check with status 500: { "errorMessage": "", "rootCause": "com.ibm.maestro.util.wrapper.exception.MaestroServerException: ", "errorStatusCode": 500, "message": "" } occurred. For details, see the log/trace files.

  Do the following workaround to backup successfully:

  1. As a root user, log in to IBM Cloud Pak System command prompt or shell.
  2. Run the following command and check whether its output is 0:

     cat /proc/sys/net/ipv4/tcp_tw_reuse

  3. If the value is 0, run the following command to set it to 1:

     sysctl -w net.ipv4.tcp_tw_reuse=1

• The full system restore job might fail with other network errors even though the metadata files and databases are restored and the system gets restarted successfully.
  An error message similar to the following sample is available in restore log:

  Exception java.net.NoRouteToHostException: Error opening socket to server /fd8c:215d:178e:c51e:290:fa71:fa05:5cd0 on port 50,002 with message: No route to host (Host unreachable). ERRORCODE=-4499, SQLSTATE=08001 Caused by: No route to host (Host unreachable) 
  backup.BackupDB2 | Restoring DB IPASDB dbInfo: {instance=db2inst, logpath=/data/system/db2/sqlogdir/IPASDB, archlogpath=/data/system/db2/sqlarchlogdir/IPASDB, templogpath=/data/system/db2/tmplogdir/IPASDB} pooljvm.1616649284287.1509 [03-25-21 06:06:54] 0031 backup.BackupDB2 | Quiescing DB2 instances... pooljvm.1616649284287.1509 [03-25-21 06:06:54] 0031 utils.process | executing command: [su, -, db2inst, /bin/sh, -c, /data/purescale/db2_11.5.0.0/bin/db2gcf -s -i db2inst | grep 'DB2 State' | cut -f2 -d':'] pooljvm.1616649284287.1509 [03-25-21 06:06:55] 0031 utils.process | executing command: [su, -, db2inst, /bin/sh, -c, /data/purescale/db2_11.5.0.0/bin/db2gcf -s -i db2inst | grep 'DB2 State' | cut -f2 -d':'] pooljvm.1616649284287.1509 [03-25-21 06:06:55] 0031 utils.process | executing command: [su, -, db2inst, /bin/sh, -c, /data/purescale/db2_11.5.0.0/bin/db2 get snapshot for dbm | grep 'Database manager status' | cut -f2 -d'='] pooljvm.1616649284287.1509 [03-25-21 06:06:56] 0031 utils.process | executing command: [su, -, db2inst, /bin/sh, -c, /data/purescale/db2_11.5.0.0/bin/db2 connect to IPASDB; /data/purescale/db2_11.5.0.0/bin/db2 quiesce db immediate force connections; /data/purescale/db2_11.5.0.0/bin/db2 connect reset; /data/purescale/db2_11.5.0.0/bin/db2 deactivate database IPASDB] pooljvm.1616649284287.1509 [03-25-21 06:06:57] 0959 async.pool.PoolOutputStream | com.ibm.pdq.runtime.exception.DataRuntimeException: [pdq][0][2.7.116] CWPZC9001E: Could not obtain Connection from org.apache.commons.dbcp.PoolingDataSource; Caused by: com.ibm.db2.jcc.am.DisconnectNonTransientConnectionException: [jcc][t4][2043][11550][4.14.113] Exception java.net.NoRouteToHostException: Error opening socket to server /fd8c:215d:178e:c51e:290:fa71:fabe:2b7c on port 50,002 with message: No route to host (Host unreachable). ERRORCODE=-4499, SQLSTATE=08001 pooljvm.1616649284287.1509 [03-25-21 06:06:57] 0959 async.pool.PoolOutputStream | at zero.data.internal.DataRuntimeExceptionFactory.create(DataRuntimeExceptionFactory.java:14) pooljvm.1616649284287.1509 [03-25-21 06:06:57] 0959 async.pool.PoolOutputStream | at zero.data.Manager.retrieveConnection(Manager.java:654) pooljvm.1616649284287.1509 [03-25-21 06:06:57] 0959 async.pool.PoolOutputStream | at zero.data.Manager.queryFirst(Manager.java:1329) pooljvm.1616649284287.1509 [03-25-21 06:06:57] 0959 async.pool.PoolOutputStream | at zero.data.groovy.Manager.queryFirst(Manager.java:635) pooljvm.1616649284287.1509 [03-25-21 06:06:57] 0959 async.pool.PoolOutputStream | at zero.data.groovy.Manager$queryFirst.call(Unknown Source) pooljvm.1616649284287.1509 [03-25-21 06:06:57] 0959 async.pool.PoolOutputStream | at data.ManagerWrapper$1.run(ManagerWrapper.groovy:190

  As a troubleshooting step, check whether the system is in a healthy state. If the system is not healthy, contact IBM Support.

If multiple virtual system patterns get deployed at the same time through a script or some automation tool, then some of those instances remain in launching state forever. However, you can access those virtual machines by using SSH.

As a resolution, contact IBM Support to restart the Service60.

• System Monitoring shared service deployment failure
• Starting or stopping of shared service by non-owner might fail
  Starting or stopping of shared service by non-owner might fail with the following error:

  "CMPRE0001E: An internal server error occurred."

  To resolve, start or stop the shared service instance by using the user who created the instance.
• In the instance page, the values of System Monitoring Name and Service version varies after the update of Shared Service Instance.

• Platform System Manager (PSM) must use Network Time Protocol (NTP) servers to keep system date and time synchronized with an external reference time, and the NTP server time is used as a reference. All components in the system, such as hardware and hypervisors, synchronize their clocks with the system clock to ensure consistency. If the NTP server time is not set, workload instances might consist of deployment errors and the following error is seen in the workload logs:

  ERROR CWZSE0027E: The timestamp in a request falls outside of tolerance range with respect to the local current time

  As a resolution, configure NTP and redeploy the workload instance. For more information, see Configuring date and time settings.

• Sometimes, Windows deployments fail to launch and the instance is stuck in the "Launching" state. For example, you might see the following error in the logs:
  0config:

   
  2020-09-21 07:39:24,035 [ERROR] [0config] HTTP response 401 downloading https://172.17.174.4:9444/storehouse/user/deployments/d-f8e87add-4f08-4b1d-ae91-2a6c0c0aff5d/deployment.json
  Traceback (most recent call last):
    File "c:\0config\_0config.py", line 340, in curl
      with closing(opener.open(request, timeout=300)) as src:
    File "c:\python27\lib\urllib2.py", line 435, in open
      response = meth(req, response)
    File "c:\python27\lib\urllib2.py", line 548, in http_response
      'http', request, response, code, msg, hdrs)
    File "c:\python27\lib\urllib2.py", line 473, in error
      return self._call_chain(*args)
    File "c:\python27\lib\urllib2.py", line 407, in _call_chain
      result = func(*args)
    File "c:\python27\lib\urllib2.py", line 556, in http_error_default
      raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
  HTTPError: HTTP Error 401: Unauthorized
  2020-09-21 07:39:24,035 [DEBUG] [0config] update status to ERROR
  2020-09-21 07:39:24,132 [DEBUG] [0config] https://9.9.9.9:9443/services/deployments/None/command
  2020-09-21 07:39:24,147 [WARNING] [0config] no CA certificate available for verification.
  

  storehouse trace:

  [21/Sep/2020 02:39:24:283 -0400]  000245ef   id=         maestro.storehouse.internal.multinode.jdbc.MultiNodeJDBCImpl method=get Unsecured state: allowUnsecured=false; canDownload=false; inPolicy=false
  [21/Sep/2020 02:39:24:283 -0400]  000245ef   id=         com.ibm.maestro.storehouse.internal.StorageServerResource    method=get exit
  [21/Sep/2020 02:39:32:133 -0400]  000245ef   id=         com.ibm.maestro.security.utils.SecurityUtils                 method=verifyTimestamp ERROR_VALIDATE_TIMESTAMP
                                                                                                                        Mon, 21 Sep 2020 07:39:23 GMT
                                                                                                                        Mon, 21 Sep 2020 06:39:32 GMT
  [21/Sep/2020 02:39:32:134 -0400]  000245ef   id=         com.ibm.maestro.security.utils.SecurityUtils                method=verifyTimestamp ERROR_VALIDATE_TIMESTAMP
                                                                                                                        Mon, 21 Sep 2020 07:39:23 GMT
                                                                                                                     Mon, 21 Sep 2020 06:39:32 GMT
  [21/Sep/2020 02:39:32:134 -0400]  000245ef * id=         com.ibm.maestro.security.loginservice.AbstractLoginService   method=validate ERROR CWZSE0027E: The timestamp in a request falls outside of tolerance range with respect to the local current time, request timestamp: Mon, 21 Sep 2020 07:39:23 GMT
  [21/Sep/2020 02:39:32:134 -0400]  000245ef   id=         com.ibm.maestro.security.loginservice.AbstractLoginService   method=validate 401
  [21/Sep/2020 02:39:32:134 -0400]  000245ef * id=         com.ibm.maestro.security.deployer.BaseLoginAuthenticator     method=validateRequest ERROR CWZSE0955E:  Encountered an exception during authentication javax.security.auth.login.FailedLoginException: 401 :  FAILURE
  [21/Sep/2020 02:39:32:134 -0400]  000245ef   id=         com.ibm.maestro.security.deployer.BaseLoginAuthenticator     method=printRequestInfo HTTP request: (GET /storehouse/user/deployments/d-f8e87add-4f08-4b1d-ae91-2a6c0c0aff5d/deployment.json)@1854578168 com.ibm.ws.jetty.adapter.JettyRequestImpl@6e8a9df8
  

  The workaround for this defect is as follows :

  1. Set up the NTP serves. For the actual steps, see Configuring date and time settings.
  2. Raise a PMR and contact IBM Support to rerun 0config script in the virtual machine.

The Internal Management Logs collection can fail on NE0152T switch. If failure occurs, contact IBM Support to collect the logs.

When you change the browser language after you log in to IBM Cloud Pak System console, the console menu might not render properly and can result in an inconsistent mix of different languages. As a workaround, relogin to the IBM Cloud Pak System console.

• Password policy
  • After you upgrade IBM Cloud Pak System version and deploy an instance successfully, login to the instance might fail with the following message:

    access denied

    This issue is an inconsistent behavior. As a resolution, if you encounter this issue, redeploy the system instance.
  • The Minimum number of characters for passwords in pattern instance deployment drop-down list is the sum of the minimum number of alphabetic and non-alphabetic characters, and you can select a value in the range 1 - 32. If you select 0 from the drop-down list for Minimum number of alphabetic characters for passwords in pattern instance deployment or Minimum number of non-alphabetic characters in pattern instance deployment, then the specific character type (alphabetic or non-alphabetic) is not considered for the password.
    Note: The "non-alphabetic" characters include both numbers and special characters.
  • When you select an invalid entry, the database is not updated and the following error message is displayed:

    Virtual machine password policy configuration error. 
    The sum of minimum number of non-alphabetic characters in virtual machine password and minimum number of alphabetic characters in virtual machine password must be less than or equal to minimum number of characters in virtual machine password

    Also, the drop-down list values are not updated with the old database values. To resolve this issue, use the refresh icon on the upper right of the page to refresh the environment profiles page.
  • During the environment profile cloning, the password values get reset to default values. This value is 8 for Minimum number of characters for passwords in pattern instance deployment, 1 for Minimum number of alphabetic characters for passwords in pattern instance deployment, and 1 for Minimum number of non-alphabetic characters in virtual machine password.
  • Certain patterns have their own password policy restrictions, for example, the system administrator password field in OpenShift must have a minimum of 32 characters. Db2 password policy must adhere to the minimum Db2 password requirement. In such cases, set the values in the pattern or during deployment such that it obeys the pattern-specific password requirements.
  • The password policy is applicable to the passwords listed in the pattern deployment page.
  • If an administrator user enters ******** during pattern deployment, it bypasses the password policy check.
  • When you deploy a pattern, a stringent password property in a pattern overrides the equivalent password policy rule in the selected environment profile.
  • The behavior is as follows:

    Admin user

    The password policy check is enforced during pattern deployment for pre-saved passwords or if the passwords are entered manually before deployment.

    Non-admin user

    The password policy is enforced during pattern deployment if and only if, the passwords are manually entered before deployment. The password policy check is not enforced for pre-saved passwords. The pre-saved passwords are masked by a default password for security reasons. Therefore, ensure that the pre-saved password conform to the password policy according to the environment profiles that are being used.

    LDAP user

    The preceding aspects apply for admin and non-admin users.

• In the Hardware > Network Devices > Internal Management Switch page, switch commands cannot be run from the user interface. You can still access the information by using switch CLI commands.
• When you run diagnostics in the Hardware > Network Devices > Internal Management Switch page, the following error message is displayed.

  No Diagnostics (VGEN) MerionNetworkSwitch exists with option..,

  This error does not affect the normal functioning of the switch. Contact IBM Support if you have any functional problems with the switch.
• The Internal Management Logs collection can fail on the NE0152T switch. If failure occurs, contact IBM Support to collect the logs.