General Page

This document contains tips for successful installation of AIX 7.1 and is updated as new tips become available.

Last Update: 1 November 2022

Technology Levels and Service Packs mentioned in this document, when available, can be obtained from Fix Central at:

https://www.ibm.com/support/fixcentral

General Recommendations

The AIX installation DVDs and the level of AIX preinstalled on new systems might not contain the latest fixes available at the time you install the system. Some of these fixes might be critical to the proper operation of your system. We recommend that you update to the latest service pack level, which can be obtained from Fix Central.

When updating to a new Technology Level, it is a good practice to first update the bos.rte.install update in a separate installation session.

With certain combinations of updates, the update process might have to be run a second time in order to apply all updates in a package. Checking the output of the 'oslevel -r' and 'oslevel -s' commands for the expected values after an update is recommended. Until the update is run a second time, the output of the oslevel command might not indicate that the package is fully installed.

The compare_report command, which is documented in the AIX Commands Reference, can be used to determine which available updates are newer than those installed on your system.

Any library or executable file that is updated by an interim fix (emgr) or service update, which is in use by an active process, will not be reflected in that process until it is restarted. In addition, any process that is using a library and does a dlopen() of the same library after the library has been updated, could experience inconsistencies.

Commit all applied updates before upgrading to a new service pack or technology level. If using workload partitions (WPARs), commit all applied updates in the WPARs before updating the global LPAR.

1 November 2022

SUMA workaround for November security change

On 11 November 2022, the service that SUMA relies on to retrieve fixes will undergo a security change causing SUMA commands to fail unless default settings are changed by running the following command:

# suma -c -a DOWNLOAD_PROTOCOL=https

This one-time change to the default SUMA communication protocol will not be necessary on future levels of AIX, namely:

AIX 7.3 TL1 SP1 (7300-01-01-2246) - estimated to be available 2 December 2022

AIX 7.2 TL5 SP5 (7200-05-05-2246) - estimated to be available 2 December 2022
AIX 7.1 TL5 SP11 (7100-05-11-2246) - estimated to be available in March 2023

20 May 2022 - Updated 25 May 2022

Firewall Changes May Be Needed For Fix Retrieval

IBM is planning to implement infrastructure improvements to electronic fix distribution in early June.

Public internet IP address and hostnames are changing for the IBM servers that support internet delivery of fixes and updates for customer system's software, hardware, and operating systems.

This change pertains to all operating systems supported by IBM Electronic Fix Distribution (EFD) / IBM Fix Central system.

Customer action might be required to ensure uninterrupted fix delivery services.

See the full bulletin for details.

Service Update Management Assistant (SUMA) is not affected by this change.

Update: 18 January 2022

The suma command fails to retrieve list from fix server

As of 27 June 2022, suma commands on older levels of AIX will fail with errors like:

% suma -x -a Action=Preview -a RqType=Latest
****************************************
Performing preview download.
****************************************
Partition id was unassigned; will attempt to assign it.
Partition id assigned value 19
0500-013 Failed to retrieve list from fix server.

The suma command relies on trusted root certificates to enable SSL/TLS communication with IBM servers. Some of the certificates are expiring 27 June 2022, and new certificates are required.

These levels (and later) have the new certificates and are not affected by this issue:

AIX 7.3 released in December 2021

AIX 7.2 7200-05-03-2135 released in September 2021

AIX 7.2 7200-04-05-2148 planned for release in February 2022

AIX 7.1 7100-05-09-2135 released in September 2021

Older levels require an interim fix. They can be retrieved by using FTP, HTTP, or HTTPS.

For AIX 7.2 Technology Level 7200-05, use:

https://aix.software.ibm.com/aix/ifixes/ij34481/ECCJKS02.220111.epkg.Z

For all earlier levels of AIX 7.2, use:

https://aix.software.ibm.com/aix/ifixes/ij34325/ECCJKS01.220111.epkg.Z

For AIX 7.1, use:

https://aix.software.ibm.com/aix/ifixes/ij34324/ECCJKS03.220111.epkg.Z

Apply an interim fix by using the emgr command. For example,

% emgr -e /tmp/ECCJKS01.220111.epkg.Z

Update: 20 January 2021

IJ29770: PCIe3 16 Gb 2-port Fibre Channel adapter (FC EN2A and FC EN2B) fails to configure

Devices attached via PCIe3 16 Gb 2-port Fibre Channel adapter (FC EN2A and FC EN2B; CCIN 579D) will not configure, and therefore cannot be installed to, when booted from any of the following:

AIX 7.1 TL5 DVD media with label "LCD8-1491-23" or "LCD8-1507-23"
AIX 7.1 TL5 ISO images obtained from the Entitled Systems Support (ESS) site before 15 January 2021:

AIX_v7.1_Install_7100-05-07-2037_DVD_1_of_2_112020_LCD8149123.iso
AIX_v7.1_Install_7100-05-07_2037_DVD_2_of_2_112020_LCD8149223.iso
AIX_v7.1_Install_7100-05-07-2038_flash_112020_LCD8235807.iso

AIX 7.1 TL5 ISO images obtained from Passport Advantage before 15 January 2021:

aix_7100-05-07-2037_1of2_112020.iso
aix_7100-05-07-2037_2of2_112020.iso
aix_7100-05-07-2038_flash_112020.iso

alt_disk_mksysb images created on AIX levels up through 7100-05-07-2038

As of 15 January 2021, AIX 7.1 orders are fulfilled with corrected media and ISO images retrieved from ESS and Passport Advantage downloads will also have the fix.

Update: 17 April 2020

Preinstalled systems could show oslevel 7100-05-05-1937

Some systems were preinstalled such that oslevel -s reports 7100-05-05-1937 instead of 7100-05-05-1939. These systems cannot be updated to Service Pack 7100-05-05-1939 because those changes are already installed.

Update: 10 May 2019

Service Packs and CVE-2018-6922

When updating to any of:

7100-05-04-1914 (or later)
7100-04-08-1914 (or later)

Be aware that interim fixes obtained in response to security bulletin "Vulnerability in FreeBSD affects AIX (CVE-2018-6922)" set the default value of the new tcp_maxqueuelen network option to 1000. But there is no single nonzero value appropriate for all systems, so the listed service packs will deliver a default value of zero. Systems where the option has been manually set will see no change upon applying SPs since the manually configured value are used instead of the defaults. All other systems will see the value revert to zero after application of the SP, so administrators are encouraged to identify and set values that work best for their environment. For advice on choosing a value, see technote https://www-01.ibm.com/support/docview.wss?uid=ibm10794755.

Update: 20 March 2018

POWER4 boot hang with 7100-05-02-1806

Attempting to boot a POWER4 system "all resources" partition at service pack 7100-05-02-1806 will result in a hang in h_get_cpu_characteristics(). This service pack level is available on physical media and via ESS download only (not FixCentral). The APAR for this issue on TL 7100-05 is IJ04517.

It is recommended that POWER4 customers running "all resources" partitions should forego this level and instead update to 7100-05-02-1810 or later, which has the fix.

Updating from pre-TL5 to TL5 or later with RPMs

Users with RPMs installed who are updating or migrating to AIX 7.1 TL5 are advised to refer to the following Technotes:

Avoiding Missing RPM Issues http://www-01.ibm.com/support/docview.wss?uid=isg3T1027160

Resolving Missing RPM Issues http://www-01.ibm.com/support/docview.wss?uid=isg3T1027161

Update: 3 November 2017

Java6 Removal

Service Pack 7100-04-05 enables removal of Java6. After applying 7100-04-05, simply run the following command if you want to remove Java6 (both 32-bit and 64-bit) from your system:

% installp -u Java6.\* Java6_64.\*

For additional details and considerations on uninstalling Java, see the following technote: IBM Java for AIX HowTo: Uninstall IBM Java

Updating openssl NIM servers to 7100-04-03

If you have a NIM server configured to use NIM with openssl, NIM will no longer work after the server is updated to 7100-04-03.

This happens because /usr/lib/libssl.so and /usr/lib/libcrypto.so are missing after the update.

To work around this problem, you can manually extract the missing files from archives on the system using the following steps (run as root):

% cd /usr/lib
% ar -xv libssl.a libssl.so
% ar -xv /usr/lib/libcrypto.a libcrypto.so

Update: 27 January 2017

7100-04 Service Pack 3

As of 2016/12/20, Service Pack (SP) 7100-04-03-1642 was updated on FixCentral to add three additional fixes:

IV91431 getsockname() returns incorrect namelength
IV91019 crash in vioent_init_ls_timer when poll_uplink=yes
IV90295 support for new tl/sp

To reflect that the content had been augmented, the name of the SP was incremented to 7100-04-03-1643 for ordering purposes only.

Once downloaded and applied to a system, the oslevel output will still be:

% oslevel -s
7100-04-03-1642

Presence of the additional fixes can be verified using instfix:

% instfix -iqk IV91431
   All filesets for IV91431 were found.
% instfix -iqk IV91019
   All filesets for IV91019 were found.
% instfix -iqk IV90295
   All filesets for IV90295 were found.

Update: 30 November 2016

VIO Client Crash with poll_uplink=yes

VIO client LPARs running the AIX 7100-04 Technology Level with devices.vdevice.IBM.l-lan.rte at 7.1.4.30 might crash during reboot if using virtual ethernet with the poll_uplink attribute set to 'yes' for any virtual ethernet adapter device.

The device attribute can be verified with:

% lsattr -El entX -a poll_uplink

When updating to an affected level, be sure to apply the fix for APAR IV91019 before reboot. Until the fix is available in a service pack, an interim fix is available from either:

ftp://aix.software.ibm.com/aix/ifixes/iv91019/ or https://aix.software.ibm.com/aix/ifixes/iv91019/

Installation of the interim fix requires a reboot.

If hit, the crash will show information similar to:

Illegal Trap Instruction Interrupt in Kernel
.vioent_init_ls_timer+000000 tdllti r31,200

If this crash is experienced, the system can be recovered by temporarily removing the virtual ethernet device(s) from the LPAR profile and rebooting. Then the attribute can be unset and the system reactivated with the original profile.

The device attribute can be changed with:

% chdev -l entX -a poll_uplink=no

Update: 11 November 2016

jfs2 Tuning for Migrated AIX 6.1 Systems

The default value of the j2_inodeCacheSize tunable parameter was changed from 400 to 200. The j2_inodeCacheSize tunable parameter allows approximately 50,000 open files per gigabyte (GB) of main memory, and improves system performance. However, the j2_inodeCacheSize tunable parameter value of 200 can cause issues in systems that have a small amount of main memory (4 GB or less) and many concurrent users or many concurrent open files. To fix these issues, you can change the values for the j2_inodeCacheSize and the j2_metadataCacheSize tunable parameters from 200 to the previous value of 400 by running the following command.

Note: When you run the following command, the current value and boot value of both the tunable parameters are reset.

% ioo -p -o j2_inodeCacheSize=400 -o j2_metadataCacheSize=400

If the issues are not fixed after you change the values for the j2_inodeCacheSize and the j2_metadataCacheSize tunable parameters, you can contact IBM Support.

Update: 25 July 2016

Cannot boot from USB-attached DVD

Volume 1 of the AIX 7.1 7100-04-02 DVD install media will not boot in a USB-attached DVD drive and cannot be used to install a system using such a drive.

To identify affected (bad) media, check the DVD label for the following:

TL 7100-04-02
05/2016
LK4T-1710-12
LCD8-1491-12

A fixed (good) DVD label shows:

TL 7100-04-02.1
07/2016
LK4T-1710-13
LCD8-1491-13

Note that the TL, date, and form numbers have all been incremented on the fixed media. As of 2016/07/18, all media orders ship with a fixed version of the DVD. Customers with affected media can get updated ISO images through the Entitled Systems Support (ESS) website.

Update: 17 June 2016

7100-03 Service Pack 5 Installation

When applying the 7100-03 Technology Level with Service Pack 5 or later, you might have to run 'smitty update_all' a second time to update adde.v2.common or adde.v2.ethernet. Until this is done, the 'oslevel -s' command might not indicate the correct level.

Update: 4 December 2015

7100-04 Installation

When applying or migrating to the 7100-04 Technology Level, the file set rsct.core.utils 3.2.1.0 is applied to the system. This level of RSCT is incompatible with rsct.vsd and rsct.lapi.rte file sets that might already be installed. rsct.vsd and rsct.lapi.rte should be uninstalled before applying updates or migrating to 7100-04. In addition, after the file sets are removed, the /opt/rsct directory needs to be renamed, using a command like:

% mv /opt/rsct /opt/rsct.old

Failure to remove the file sets or to rename the directory will result in an error during the installation of the rsct.core.utils 3.2.1.0 file set:

rmdir(/opt/rsct): Do not specify an existing file.

sysck: 3001-017 Errors were detected validating the files

for package rsct.core.utils.



0503-464 installp: The installation has FAILED for the "usr" part

In addition to preventing rsct.core.utils from moving to the proper level, many requisite rsct file sets will not be updated/migrated.

To recover a failed update operation, first ensure that rsct.lapi.rte and rsct.vsd are removed from the system. Then, rename /opt/rsct to /opt/rsct.old, as above. Finally, retry the update.

To recover a failed migration operation, first ensure that rsct.lapi.rte and rsct.vsd are removed from the system. Then, rename /opt/rsct to /opt/rsct.old, as above. Finally, do a smitty update_all from the migration medium to get the missing file sets installed.

7100-04 Service Pack 1

The 7100-04-01 Service Pack is considered highly recommended. 7100-04-01 is included in the 7100-04 Technology Level available on Fix Central, but systems installed before Service Pack 1 was available should install 7100-04-01. To determine if the 7100-04-01 Service Pack is installed, run the command:

% oslevel -s

The output should indicate "7100-04-01-1543".

Update: 29 May 2015

7100-03 Service Pack 5 might fill /var with RSCT logs (IV73126)

At rsct.core.utils 3.2.0.6, modifications were introduced to trace file formats to allow trace spooling to be implemented without subsystems having to be restarted. However, the old trace files are not being removed after the new files are created, so extra unnecessary space in /var is being taken up.

The exact increase will depend on which Resource Managers are active at the time.

For a standard AIX installation with no clustering product in use, the increase should be between 25 and 35 MB.

If Cluster-Aware AIX is activated (either PowerHA v7 or VIOS Shared Storage Pool), the increase should be between 50 and 60 MB.

If Tivoli System Automation for Multi-Platform (SAMP) is configured, the increase should be between 60 and 70 MB.

Workaround:

Customers who have little spare room in /var should increase the file system space, if only temporarily, before upgrading to the new code.

Whether increasing /var or not, customers who want to remove the unnecessary files can do so once the new tracing pages are in place.

Under /var/ct, run "find . -name trace*"

For any trace files in the same directory which have a form of both "filename" and "filename.x.sp", the name without the .sp ending can be deleted. For example, if in one directory you find "trace", "trace.1.sp", and "trace.2.sp", you can delete "trace". If there is no equivalent ".x.sp" copy of a file, do not delete it.

Update: 30 January 2015

7100-02 Service Pack 6 might crash with Modern Cryptographic Library

The Modern Cryptographic Library is updated from version 6.1.0.2 to 6.1.0.3 on the AIX 7.1 Expansion Pack as of November 2014. The updates include the following modcrypt file sets:

modcrypt.base.lib
modcrypt.base.includes

The new modcrypt file sets are required if the ACF and PKCS11 device driver version 7.1.2.18 (security.acf file set) is installed and you are using a Network File System (NFS) with Kerberos 5 authentication. If your system does not meet these requirements, it will crash when the NFS gssd daemon starts.

Update: 11 November 2014 (and earlier)

7100-03 Service Pack 4 might crash with Modern Cryptographic Library

The Modern Cryptographic Library is updated from version 6.1.0.2 to 6.1.0.3 on the AIX 7.1 Expansion Pack as of November 2014. The updates include the following modcrypt file sets:

modcrypt.base.lib
modcrypt.base.includes

The new modcrypt file sets are required if the ACF and PKCS11 device driver version 7.1.3.30 (security.acf file set) is installed and you are using a Network File System (NFS) with Kerberos 5 authentication. If your system does not meet these requirements, it will crash when the NFS gssd daemon starts

7100-03 Service Pack 1

The 7100-03-01 Service Pack is considered highly recommended. 7100-03-01 is included in the 7100-03 Technology Level available on Fix Central, but systems installed before the availability of Service Pack 1 should install 7100-03-01. To determine if the 7100-03-01 Service Pack is installed, run the command:

% oslevel -s

The output should indicate "7100-03-01-1341".

alt_root_vg fails with bosboot usage

If using alt_disk_copy to upgrade a system, and the current level of the rootvg is older than 6100-08 SP2 or 7100-02 SP2, then please install the bos.alt_disk_install.rte file set at the target level, on the original rootvg, before the alt_disk_copy operation. Failure to do so will result in errors creating the boot image in the alternate rootvg.

7100-02 Installation

When applying the 7100-02 Technology Level with Service Pack 1 included, you might have to run 'smitty update_all' a second time to update bos.aso and mcr.rte. Until this is done, the 'oslevel -s' command might not indicate the correct level.

7100-02 Service Pack 1

The 7100-02-01 Service Pack is considered highly recommended. 7100-02-01 is included in the 7100-02 Technology Level available on Fix Central, but systems installed before the availability of Service Pack 1 should install 7100-02-01. To determine if the 7100-02-01 Service Pack is installed, run the command:

% oslevel -s

The output should indicate "7100-02-01-1245".

Build date failure updating from 7100-01-07 to 7100-02-02

Attempting to update from 7100-01-07 to 7100-02-02 results in build date errors for the following file sets.

devices.pciex.df1060e214103704.rte
devices.pciex.df1060e214103704.diag
devices.pciex.df1060e214103a04.rte
devices.pciex.df1060e214103a04.diag

To resolve this issue, download the fix for APAR IV43009, and include the images into the same directory as the 7100-02-02 Service Pack before updating.

This issue only occurs when updating from the 7100-01-07 Service Pack.

7100-01 Installation

When applying the 7100-01 Technology Level with Service Pack 1 included, you will have to run 'smitty update_all' a second time to update bos.aso and mcr.rte. Until this is done, the 'oslevel' command will not indicate the correct level.

7100-01 Service Pack 1

The 7100-01-01 Service Pack is considered highly recommended. 7100-01-01 is included in the 7100-01 Technology Level available on Fix Central, but systems installed before the availability of Service Pack 1 should install 7100-01-01. To determine if the 7100-01-01 Service Pack is installed, run the command:

% oslevel -s

The output should indicate "7100-01-01-1141".

Free Space Requirements for devices.common.IBM.sni

The devices.common.IBM.sni product requires that 256MB of available, free partitions in the rootvg volume group. If this space has not been previously allocated for the sni product, a test is performed at installation time to make sure that this space is available, and if it is not, the installation will fail. If installation is successful, a test is performed when the lpar is restarted after installation to determine if the sni hardware is available, and if it is, a 256MB logical volume is allocated as /var/adm/sni.

7100-01 Update When Using Cluster Aware AIX

Due to enhancements in Cluster Aware AIX (CAA) in the 6100-07 and 7100-01 Technology Levels, CAA must be stopped before the update. Attempting to update to 6100-07 or 7100-01 with an active cluster will fail. Note that PowerHA SystemMirror 7.1 uses CAA. This procedure must be used when performing one of the following with a CAA cluster deployed.

Updating from AIX 6.1 6100-06 to 6100-07
Updating from AIX 7.1 7100-00 to 7100-01
Migrating from AIX 6.1 6100-06 to AIX 7.1 7100-01

Update Procedure for PowerHA SystemMirror 7.1

Backup the cluster configuration using the PowerHA SystemMirror snapshot facility.
Stop the PowerHA Cluster Services through SMIT. Stop cluster services on all nodes in the cluster.
Remove the CAA cluster using the command 'rmcluster -n ClusterName'.
Update the AIX Technology Level and reboot the cluster nodes.
Verify and Synchronize the CAA cluster configuration from PowerHA SystemMirror.
Restart the PowerHA SystemMirror 7.1 Cluster.

Update Procedure for Cluster Aware AIX

Save the CAA cluster configuration.
Remove the CAA cluster using the command 'rmcluster -n ClusterName'.
Update the AIX Technology Level and reboot the cluster nodes.
Redeploy the CAA cluster using the mkcluster command.

Refer to the AIX_TL_update_information_for_PowerHA_7.1.pdf document for additional information.

7100-00 Service Pack 1

Service Pack 1 is considered a highly recommended update for customers installing AIX 7.1. To determine if you already have Service Pack 1 installed, use the command:

% oslevel -s

The output should include "7100-00-01". Service Pack 1 can be obtained from the Fix Central website.

[{"Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF002","label":"AIX"}],"Version":"7.1"}]

Tips

AIX 7.1 Installation Tips